beck [Mon, 29 May 2023 11:57:23 +0000 (11:57 +0000)]
Oops, Fa -> .Fa
beck [Mon, 29 May 2023 11:54:50 +0000 (11:54 +0000)]
Make X509_NAME_get_text_by[NID|OBJ] safer.
This is an un-revert with nits of the previously landed change
to do this which broke libtls. libtls has now been changed to
not use this function.
This change ensures that if something is returned it is "text"
(UTF-8) and a C string not containing a NUL byte. Historically
callers to this function assume the result is text and a C string
however the OpenSSL version simply hands them the bytes from an
ASN1_STRING and expects them to know bad things can happen which
they almost universally do not check for. Partly inspired by
goings on in boringssl.
ok jsing@ tb@
beck [Mon, 29 May 2023 11:14:19 +0000 (11:14 +0000)]
Stop suggesting that children play with loaded revolvers.
This takes much of the language that boring uses to document
the verify callback, and corrects the historical horror that
OpenSSL introduced years ago by suggesting people ignore expiry
dates using the callback instead of the verify flags.
nits by jsg@ and tb@
ok tb@
espie [Mon, 29 May 2023 09:05:24 +0000 (09:05 +0000)]
renamed log file
sf [Mon, 29 May 2023 08:13:35 +0000 (08:13 +0000)]
virtio: Set DRIVER_OK earlier
The DRIVER_OK bit must be set before using any virt-queues. To allow
virtio device drivers to use the virt-queues in their attach functions,
set the bit there and not in the virtio transport attach function. Only
vioscsi and viogpu really need this, but let's only have one standard
way to do this.
Noticed because of hangs with vioscsi on qemu/windows and in the Oracle
cloud. With much debugging help by Aaron Mason.
Also revert vioscsi.c 1.31 "Temporarily workaround double calls into
vioscsi_req_done()"
ok krw@
espie [Mon, 29 May 2023 07:35:39 +0000 (07:35 +0000)]
use v5.36, this one is somewhat trivial
deraadt [Mon, 29 May 2023 04:24:39 +0000 (04:24 +0000)]
some hackery to make arm64 ramdisk compile again
jsg [Mon, 29 May 2023 02:26:14 +0000 (02:26 +0000)]
recognise Cortex-A520 (Hayes), Cortex-A720 (Hunter), Cortex-X4 (Hunter-ELP)
jsing [Sun, 28 May 2023 17:42:30 +0000 (17:42 +0000)]
Provide optimised bn_mulw_{addw,addw_addw,addtw}() for aarch64.
This results in bn_mul_comba4() and bn_mul_comba8() requiring ~30% less
instructions than they did previously.
jsing [Sun, 28 May 2023 17:22:04 +0000 (17:22 +0000)]
Provide optimised bn_addw_addw()/bn_subw_subw() for aarch64.
jsing [Sun, 28 May 2023 14:54:37 +0000 (14:54 +0000)]
Sprinkle some style(9).
jsing [Sun, 28 May 2023 14:49:21 +0000 (14:49 +0000)]
Expand occurrences of HASH_CTX that were previously missed.
No change in generated assembly.
jsing [Sun, 28 May 2023 14:14:33 +0000 (14:14 +0000)]
Reorder functions.
No intended functional change.
jsing [Sun, 28 May 2023 13:57:27 +0000 (13:57 +0000)]
Clean up includes.
jsing [Sun, 28 May 2023 13:55:55 +0000 (13:55 +0000)]
Remove now unnecessary do {} while(0);
jsing [Sun, 28 May 2023 13:53:08 +0000 (13:53 +0000)]
Inline HASH_MAKE_STRING for SHA256.
No change to generated assembly.
jsing [Sun, 28 May 2023 10:34:17 +0000 (10:34 +0000)]
Rewrite BN_{asc,dec,hex}2bn() using CBS.
This gives us more readable and safer code. There are two intentional
changes to behaviour - firstly, all three functions zero any BN that was
passed in, prior to doing any further processing. This means that a passed
BN is always in a known state, regardless of what happens later. Secondly,
BN_asc2bn() now fails on NULL input, rather than crashing. This brings its
behaviour inline with BN_dec2bn() and BN_hex2bn().
ok tb@
beck [Sun, 28 May 2023 09:06:34 +0000 (09:06 +0000)]
correct comment, spotted by tb@
beck [Sun, 28 May 2023 09:02:01 +0000 (09:02 +0000)]
Refactor tls_check_common_name to use lower level API.
X509_NAME_get_text_by_NID is kind of a bad interface that
we wish to make safer, and does not give us the visibility
we really want here to detect hostile things.
Instead call the lower level functions to do some better
checking that should be done by X509_NAME_get_text_by_NID,
but is not in the OpenSSL version. Specifically we will treat
the input as hostile and fail if:
1) The certificate contains more than one CN in the subject.
2) The CN does not decode as UTF-8
3) The CN is of invalid length (must be between 1 and 64 bytes)
4) The CN contains a 0 byte
4) matches the existing logic, 1 and 2, and 3 are new checks.
ok tb@
asou [Sun, 28 May 2023 05:28:50 +0000 (05:28 +0000)]
Used number of bytes instead of number of 512 byte sectors.
ok dv@
tb [Sun, 28 May 2023 05:25:24 +0000 (05:25 +0000)]
Merge X509_VERIFY_PARAM_ID into X509_VERIFY_PARAM
Back in the day when essentially every struct was open to all applications,
X509_VERIFY_PARAM_ID provided a modicum of opacity. This indirection is now
no longer needed with X509_VERIFY_PARAM being opaque itself, so stop using
X509_VERIFY_PARAM_ID and merge it into X509_VERIFY_PARAM. This is a first
small step towards cleaning up the X509_VERIFY_PARAM mess.
ok jsing
kettenis [Sat, 27 May 2023 19:35:55 +0000 (19:35 +0000)]
Implement battery charge control.
ok patrick@, tobhe@
jsing [Sat, 27 May 2023 18:39:03 +0000 (18:39 +0000)]
Implement SHA256_{Update,Transform,Final}() directly in sha256.c.
m32_common.h is a typical OpenSSL macro horror show - copy the update,
transform and final functions from md32_common.h, manually expanding the
macros for SHA256. This will allow for further clean up to occur.
No change in generated assembly.
ok beck@ tb@
jsing [Sat, 27 May 2023 18:33:34 +0000 (18:33 +0000)]
Add HASH_NO_UPDATE and HASH_NO_TRANSFORM to md32_common.h
This makes it possible to still use minimal parts of md32_common.h, while
disabling the update and transform functions.
ok beck@ tb@
jsing [Sat, 27 May 2023 15:50:56 +0000 (15:50 +0000)]
Add coverage for calling BN_{dec,hex}2bn() with NULL inputs.
tb [Sat, 27 May 2023 13:54:46 +0000 (13:54 +0000)]
Bump LibreSSL version
espie [Sat, 27 May 2023 10:08:45 +0000 (10:08 +0000)]
the solver needs some love for later
espie [Sat, 27 May 2023 10:08:25 +0000 (10:08 +0000)]
remove the extra local variable (blessing a ref to self DOES work)
accordingly zap the extra blocks that are no longer needed making
this look less funky
espie [Sat, 27 May 2023 10:07:33 +0000 (10:07 +0000)]
comment/cosmetic
espie [Sat, 27 May 2023 10:07:12 +0000 (10:07 +0000)]
more comment
espie [Sat, 27 May 2023 10:06:55 +0000 (10:06 +0000)]
yeah, yeah, those names are horrible
espie [Sat, 27 May 2023 10:06:38 +0000 (10:06 +0000)]
finish making this a singleton class (which I don't always like
and is definitely worthy of a comment)
espie [Sat, 27 May 2023 10:05:50 +0000 (10:05 +0000)]
more descriptive comment
espie [Sat, 27 May 2023 10:04:17 +0000 (10:04 +0000)]
indicate that not having hashes already is just legacy needed
until all old packages are gone
espie [Sat, 27 May 2023 10:03:43 +0000 (10:03 +0000)]
point people towards relevant comments
espie [Sat, 27 May 2023 10:03:21 +0000 (10:03 +0000)]
a few comments
explicitly return undef from check,
which will prevent casual me from 'fixing' it later
espie [Sat, 27 May 2023 10:02:38 +0000 (10:02 +0000)]
prepare for 5.36: pass $code as @code so that we don't have
to decide a default right away (I should apply this
everywhere I go to read a plist actually)
espie [Sat, 27 May 2023 10:01:51 +0000 (10:01 +0000)]
comments
espie [Sat, 27 May 2023 10:01:38 +0000 (10:01 +0000)]
document base method
espie [Sat, 27 May 2023 10:01:21 +0000 (10:01 +0000)]
try/catch to be revisited
espie [Sat, 27 May 2023 10:01:08 +0000 (10:01 +0000)]
comments/cosmetics
espie [Sat, 27 May 2023 10:00:48 +0000 (10:00 +0000)]
restore documentation: explain what ArcCheck does
espie [Sat, 27 May 2023 10:00:23 +0000 (10:00 +0000)]
cosmetic/comments improvement
espie [Sat, 27 May 2023 09:59:51 +0000 (09:59 +0000)]
- make the handling of interactive more regular by
delegating the choice of the class to a separate method
- zap/improve meaningless comments
- mark ntogo as a focus for improvements
espie [Sat, 27 May 2023 09:58:26 +0000 (09:58 +0000)]
prepare for 5.36, document methods in base class
jsing [Sat, 27 May 2023 09:18:17 +0000 (09:18 +0000)]
Clean up alignment handling for SHA-512.
This recommits r1.37 of sha512.c, however uses uint8_t * instead of void *
for the crypto_load_* functions and primarily uses const uint8_t * to track
input, only casting to const SHA_LONG64 * once we know that it is suitably
aligned. This prevents the compiler from implying alignment based on type.
Tested by tb@ and deraadt@ on platforms with gcc and strict alignment.
ok tb@
otto [Sat, 27 May 2023 04:33:00 +0000 (04:33 +0000)]
Remove malloc interposition, a workaround that was once needed for emacs
ok guenther@
claudio [Fri, 26 May 2023 14:57:38 +0000 (14:57 +0000)]
Properly account del_extra_files and add the value to the json header.
OK tb@ (from a larger diff)
tb [Fri, 26 May 2023 13:44:05 +0000 (13:44 +0000)]
Move verified_chain from SSL to SSL_HANDSHAKE
This is a better version of the fix for the missing pointer invalidation
but a bit larger, so errata got the minimal fix.
tested by jcs
ok jsing
kn [Fri, 26 May 2023 12:13:26 +0000 (12:13 +0000)]
Remove net lock from DIOC{S,G}ETLIMIT
Grab the pf lock for pf_pool_limits[] in pfsync such that all access is
covered by the pf lock; document accordingly.
Hard memory pool limits don't need the net lock for protection, pool(9)s
have their own internal lock and the pf lock fully covers limit values.
(pf_pool_limits[] access in DIOCXCOMMIT remains under pf *and net* lock
until the rest in there gets pulled out of the net lock.)
OK sashan
kn [Fri, 26 May 2023 11:41:50 +0000 (11:41 +0000)]
simplify yes/no answer handling
ask_yn() returns 0/1 on yes/no, so use the shorter '|| skip' found in
install.sub; no functional change.
OK solene
kurt [Thu, 25 May 2023 19:35:58 +0000 (19:35 +0000)]
Disable witness for mutexes created on the stack which allows
the ddb command 'show witness' to succeed without panicking.
Leaving witness enabled on these mutexes saves a pointer to
struct lock_type on the stack which gets clobbered resulting
in a panic in witness_ddb_display_descendants().
okay miod@
kurt [Thu, 25 May 2023 19:32:34 +0000 (19:32 +0000)]
Work around sparc64 WITNESS kernel failing to load by moving large witness
data structures from bss to be allocated in witness_initialize().
Tested on sparc64, amd64, arm64, i386, octeon. okay miod@
claudio [Thu, 25 May 2023 14:20:25 +0000 (14:20 +0000)]
In session_process_msg() recheck the validity of the rbuf before moving
the remaining data around.
There is an improbable case where a NOTIFICATION is received while also
reaching the MSG_PROCESS_LIMIT. In this case rbuf is NULL when breaking
out of the for loop and hitting this code.
sthen@ is the (un)lucky person to hit that improbable case
OK tb@ sthen@
claudio [Thu, 25 May 2023 12:52:56 +0000 (12:52 +0000)]
Update usage add -P epoch
claudio [Thu, 25 May 2023 12:49:39 +0000 (12:49 +0000)]
Fix repo_cleanup_entry() state machine so that the repository lookups
are done when the full repo path is available. Without this all repo
lookups returned NULL and the code did not work as intended.
OK tb@
op [Thu, 25 May 2023 11:37:58 +0000 (11:37 +0000)]
remove two unused defines
last PROC_COUNT use was removed with the switch to fork+exec by eric@ in
2016, CA_FILE with the removal of cert.c two years ago.
ok tb@, kn@
sthen [Thu, 25 May 2023 09:41:46 +0000 (09:41 +0000)]
After RFC 9110, the IANA services registry now lists both udp and tcp
for https (HTTP/3 over QUIC). Add it to /etc/services so that it's included
when /etc/rc populates sysctl net.inet.udp.baddynamic.
suggested by Renauld Allard, ok tb@
op [Thu, 25 May 2023 07:46:21 +0000 (07:46 +0000)]
Forcibly update the EVP_PKEY's internal key
To aid privilege separation, libtls maintains application-specific data
on the key inside the EVP_PKEY abstraction because the EVP API doesn't
provide a way to do that on the EVP_PKEY itself.
OpenSSL 3 changed behavior of EVP_PKEY_get1_RSA() and related functions.
These now return a struct from some cache. Thus, modifying the RSA will
no longer modify the EVP_PKEY like it did previously, which was clearly
implied to be the case in the older documentation.
This is a subtle breaking change that affects several applications.
While this is documented, no real solution is provided. The transition
plan from one OpenSSL major version to the next one tends to involve
many #ifdef in the ecosystem, and the only suggestion provided by the
new documentation is to switch to a completely unrelated, new API.
Instead, forcibly reset the internal key on EVP_PKEY after modification,
this way the change is picked up also by OpenSSL 3.
Fixes issue 1171 in OpenSMTPD-portable
ok tb@, jsing@
claudio [Thu, 25 May 2023 07:45:33 +0000 (07:45 +0000)]
Do not use wakeup_proc() outside of the sleep machinery. Just use
wakeup_one().
OK mpi@
djm [Wed, 24 May 2023 23:01:06 +0000 (23:01 +0000)]
fix AuthorizedPrincipalsCommand when AuthorizedKeysCommand appears
previously in configuration. Reported by John Meyers in bz3574
ok dtucker@
bluhm [Wed, 24 May 2023 20:31:49 +0000 (20:31 +0000)]
Skip tests if p5-BSD-Socket-Splice is not installed.
naddy [Wed, 24 May 2023 20:04:05 +0000 (20:04 +0000)]
replace "$(cat file)" with the ksh construct "$(<file)"
ok kn@ millert@
op [Wed, 24 May 2023 15:48:11 +0000 (15:48 +0000)]
mark S_ISVTX with Dv in sticky(8); makes `man -k any=S_ISVTX' more useful
ok millert@
millert [Wed, 24 May 2023 14:20:33 +0000 (14:20 +0000)]
ksh: make $(< filename) error output include the errno string.
This is more consistent with how bash, zsh and ksh93 behave and
makes $(< filename) more of a drop-in replacment for $(cat filename).
OK kn@ florian@
bluhm [Wed, 24 May 2023 11:52:30 +0000 (11:52 +0000)]
Default pf rule "block return; pass" interferes with test.
Use "block; pass" instead.
tb [Wed, 24 May 2023 09:57:50 +0000 (09:57 +0000)]
Update X509_VERIFY_PARAM_inherit() to reflect the change of behavior
in x509_vpm.c r1.39.
tb [Wed, 24 May 2023 09:15:14 +0000 (09:15 +0000)]
Copy the verify param hostflags independently of the host list
Without this, hostflags set on the SSL_CTX would not propagate to newly
created SSL. This is surprising behavior that was changed in OpenSSL 1.1
by Christian Heimes after the issue was flagged by Quentin Pradet:
https://bugs.python.org/issue43522
This is a version of the fix that landed in OpenSSL.
There used to be a workaround in place in urllib3, but that was removed at
some point. We haven't fixed this earlier since it wasn't reported. It only
showed up after recent fallout of extraordinarily strict library checking
in urllib3 coming from their own interpretation of the implications of
PEP 644.
ok jsing
tb [Wed, 24 May 2023 08:54:59 +0000 (08:54 +0000)]
Add a test to verify that an SSL inherits the hostflags from the SSL_CTX
This is currently an expected failure that will be fixed shortly.
tb [Wed, 24 May 2023 08:49:06 +0000 (08:49 +0000)]
Provide CRYPTO_INT for statically linking libcrypto for libssl regress
This will be needed for the ssl_verify_param test
tb [Wed, 24 May 2023 08:46:01 +0000 (08:46 +0000)]
Provide X509_VERIFY_PARAM_set_hostflags()
This is needed for an upcoming regress test that needs to access the
hostflag. This is public API in OpenSSL but since nothing seems to be
using this, this accessor will be kept internal-only for the time being.
ok jsing
denis [Tue, 23 May 2023 16:39:29 +0000 (16:39 +0000)]
Force comport initialization for some class of device
Some com@acpi devices will fail the comprobe1() check which can lead to
hang or reboot of the machine.
Input from deraadt@ kettenis@
OK miod@
denis [Tue, 23 May 2023 16:34:01 +0000 (16:34 +0000)]
regen
patrick [Tue, 23 May 2023 14:10:27 +0000 (14:10 +0000)]
Add qcaoss(4), a driver for the Always On Subsystem found on Qualcomm SoCs.
This subsystem typically provides an interface for clocks and regulators
not controlled via RPMH. We will use it to switch the load state of the
ADSP co-processor. Surprisingly, or maybe not, the interface uses ASCII
text that kind of looks like JSON.
ok kettenis@
claudio [Tue, 23 May 2023 13:57:14 +0000 (13:57 +0000)]
Replace ibuf_advance() with ibuf_reserve().
OK tobhe@ tb@ kn@
krw [Tue, 23 May 2023 13:20:31 +0000 (13:20 +0000)]
With the retirement of expert mode, get_fsize(), get_bsize() and
get_cpt() simply set a partition's p_fragblock/p_cpg to default
values. Replace them with a single function set_fragblock().
No functional change.
claudio [Tue, 23 May 2023 13:12:19 +0000 (13:12 +0000)]
Replace ibuf_release() with ibuf_free() since the former just calls the latter
OK kn@ tb@
claudio [Tue, 23 May 2023 12:43:26 +0000 (12:43 +0000)]
There is no need to ibuf_zero() or memset() any buffers.
More cleanup will follow.
OK tobhe@
claudio [Tue, 23 May 2023 12:41:28 +0000 (12:41 +0000)]
Avoid calling malloc with a zero length argument.
ibuf_open() will return an error in this case while ibuf_dynamic() accepts
a 0 len argument and just initialized the buffer and length to zero.
A later ibuf_realloc() call will take care of allocating the buffer.
Additionally switch from malloc() to calloc() when allocating the buffer
this way the buffer is initalized and in ibuf_reserve() an addtional
memset() is used to make sure that the reserved data is zeroed.
OK tb@
tb [Tue, 23 May 2023 11:51:12 +0000 (11:51 +0000)]
Simplify OBJ_obj2txt()
Instead of adding a NUL termination to OBJ_obj2txt(), move the aobj == NULL
or aobj->data == NULL checks to i2t_ASN1_OBJECT_internal(). The only other
caller, i2t_ASN1_OBJECT(), fails on aobj == NULL and aobj->length == 0, and
the latter condition is implied by aobj->data.
Cleaner solution for obj_dat.c r1.52
suggested by/ok jsing
tb [Tue, 23 May 2023 11:06:52 +0000 (11:06 +0000)]
Add empty line for consistency
tb [Tue, 23 May 2023 11:05:09 +0000 (11:05 +0000)]
Add regress coverage for obj_dat.c r1.52
tb [Tue, 23 May 2023 11:04:04 +0000 (11:04 +0000)]
Always NUL terminate buf in OBJ_obj2txt()
OBJ_obj2txt() is often called without error checking and is used for
reporting unexpected or malformed objects. As such, we should ensure
buf is a string even on failure. This had long been the case before it
was lost in a recent rewrite. If obj and obj->data are both non-NULL
this is already taken care of by i2t_ASN1_OBJECT_internal(), so many
callers were still safe.
ok miod
espie [Tue, 23 May 2023 10:02:46 +0000 (10:02 +0000)]
don't pass state, we get them from the progressmeter
kettenis [Tue, 23 May 2023 09:37:49 +0000 (09:37 +0000)]
Add IBT support to the retpoline PLTs. Since we use retpoline PLTs by
default on OpenBSD this will give us IBT support by default. Fixes
indirect function calls for functions in shared libraries.
This doesn't fix retpoline+znow PLTs yet; a fix for that will follow.
ok miod@, guenther@
claudio [Tue, 23 May 2023 09:32:37 +0000 (09:32 +0000)]
Don't use ibuf_open(0) as test. 0 lenght ibufs make little sense and
result in a malloc(0) call which is no bueno. Use ibuf_open(1) instead.
OK miod@
jan [Tue, 23 May 2023 09:16:16 +0000 (09:16 +0000)]
New counters for LRO packets from hardware TCP offloading.
With tweaks from patrick@ and bluhm@.
OK bluhm@
tb [Tue, 23 May 2023 06:55:31 +0000 (06:55 +0000)]
cms_asn1.c: zap stray tabs
tb [Tue, 23 May 2023 06:42:08 +0000 (06:42 +0000)]
Convert ASN1_INTEGER_get() to ASN1_INTEGER_get_uint64()
The former is broken by design and should not be used. The latter allows
for unambiguous error checking. Add a few casts to print uint64_t without
the PRIu64 monstrosity.
ok claudio
tb [Tue, 23 May 2023 06:39:31 +0000 (06:39 +0000)]
Simplify as_id_parse() using ASN1_INTEGER_get_uint64()
Instead of decoding an ASN1_INTEGER by hand because ASN1_INTEGER_get()
is broken by design and would report an error on LP32 architectures for
the reserved ASid UINT32_MAX, we can simplify this ugliness and use the
ASN1_INTEGER_get_uint64() API, available since LibreSSL 3.6.
ok claudio
kn [Mon, 22 May 2023 23:32:31 +0000 (23:32 +0000)]
Drop unused md_prep_fdisk() argument in disk crypto question handler
It takes just one, the disk; the second snuck from earlier development into
the intial r1.1231 commit.
tb [Mon, 22 May 2023 19:38:04 +0000 (19:38 +0000)]
Remove misplaced semicolons in .Fa
bluhm [Mon, 22 May 2023 16:08:34 +0000 (16:08 +0000)]
Fix TSO for traffic to a local address on a physical interface.
When sending TCP packets with software TSO to the local address of
a physical interface, the TCP checksum was miscalculated. As the
small MSS is taken from the physical interface, but the large MTU
of the loopback interface is used, large TSO packets are generated,
but sent directly to the loopback interface. There we need the
regular pseudo header checksum and not the modified without packet
length.
To avoid this confusion, use the same decision for checksum generation
in in_proto_cksum_out() as for using hardware TSO in tcp_if_output_tso().
bug reported and tested by robert@ bket@ Hrvoje Popovski
OK claudio@ jan@
tb [Mon, 22 May 2023 15:20:16 +0000 (15:20 +0000)]
Bye, bye, horrible reacharounds into libcrypto
Now that rpki-client no longer uses LibreSSL-specific ASN1_time_* API,
we can get rid of some of the gross hacks needed for testing against
OpenSSL in regress. This simplifies things greatly.
Unfortunately, the unistd.h hack needs to stay until someone unearths
their STACK_OF compat diffs.
tb [Mon, 22 May 2023 15:15:25 +0000 (15:15 +0000)]
Convert generalizedtime_to_tm() to ASN1_TIME_to_tm()
Second step of moving away from ASN1_time_parse(). Being an OpenSSL API,
ASN1_TIME_to_tm() supports a variety of things. In this specific case we
don't really want it to parse anything but a GeneralizedTime expressed in
Zulu time. Unfortunately, OpenSSL make this annoying. So punt on this and
only do checks for the correct type and length. LibreSSL only accepts Zulu
time, so there is no change of behavior.
ok claudio job
tb [Mon, 22 May 2023 15:07:02 +0000 (15:07 +0000)]
Convert x509_get_time() to ASN1_TIME_to_tm()
Instead of using the LibreSSL-specific ASN1_time_parse(), we can use
OpenSSL's ASN1_TIME_to_tm() which LibreSSL provides since 3.6.0. The
latter has a few API quirks such as silently falling back to being a
timegm() replacement if called with a NULL ASN1_TIME. We don't want
that, so just return an error instead.
rpki-client portable now needs LibreSSL >= 3.6. This is a small price
to pay for rather significant smiplifications in regress and portable
(which will be possible after the next commit).
Also adjust a couple of error strings.
ok claudio job
tb [Mon, 22 May 2023 14:56:00 +0000 (14:56 +0000)]
Avoid use of LibreSSL-specific ASN1_time_tm_cmp() API
We convert these struct tm into time_t in the next few lines, so we can
simply use > instead.
ok claudio job
denis [Mon, 22 May 2023 13:23:56 +0000 (13:23 +0000)]
Add EPYC Embedded 3000 10GbE NIC
Input by sthen@
OK miod@
tobhe [Mon, 22 May 2023 12:53:04 +0000 (12:53 +0000)]
Remove unused variable kerr.
ok bluhm@
bluhm [Mon, 22 May 2023 12:37:00 +0000 (12:37 +0000)]
Remove duplicate entries in kvars.
OK tobhe@