tb [Fri, 21 Jul 2023 15:26:51 +0000 (15:26 +0000)]
Add missing license for rsa_local.h
discussed with jsing
tb [Fri, 21 Jul 2023 10:46:54 +0000 (10:46 +0000)]
Simple adjustments for DSO removal
openssl.cnf.5 will need a major overhaul. But that isn't new...
tb [Fri, 21 Jul 2023 10:45:44 +0000 (10:45 +0000)]
Stop mentioning some ERR_load_*_strings that will be removed
tb [Fri, 21 Jul 2023 09:04:23 +0000 (09:04 +0000)]
Provide a bunch of always failing ENGINE API
This commit adds a few symbols under OPENSSL_NO_ENGINE. They will be used
after the main ENGINE code is disabled in the next bump.
The ecosystem is mostly prepared for dealing with a libcrypto compiled
with OPENSSL_NO_ENGINE. There are a few stragglers like M2Crypto, dovecot
and the latest apr-util release (fixed in their development branch).
To avoid intrusive patching in these ports, we need to keep a bunch of
ENGINE symbols around despite adding OPENSSL_NO_ENGINE. This of course
meant patching some other ports, but that was way easier.
ok jsing
tb [Fri, 21 Jul 2023 05:04:48 +0000 (05:04 +0000)]
Fix Xr order to appease mandoc -Tlint
tb [Fri, 21 Jul 2023 05:02:53 +0000 (05:02 +0000)]
Remove OBJ_add_sigid and OBJ_sigid_free documentation
These will be made internal and will likely go away. The OBJ_add_sigid.3
manual should probably be renamed; this can be done in a second step.
tb [Fri, 21 Jul 2023 04:51:27 +0000 (04:51 +0000)]
sync
tb [Fri, 21 Jul 2023 04:50:47 +0000 (04:50 +0000)]
Remove ASN1_buf_print documentation
This function will be made internal-only and likely be renamed/rewritten.
tb [Fri, 21 Jul 2023 04:44:40 +0000 (04:44 +0000)]
Remove remaining ECDSA_METHOD documentation
tb [Fri, 21 Jul 2023 04:39:49 +0000 (04:39 +0000)]
Remove documentation of ECDH/ECDSA ex_data API
tb [Fri, 21 Jul 2023 04:35:36 +0000 (04:35 +0000)]
Document ENGINE_get_default_EC
ENGINE_get_default_{ECDH,ECDSA} will go away and won't come back. Replace
their documentation with the missing ENGINE_get_defaulT_EC. In the unlikely
event that we will need to bring back ENGINE after the next bump, this
manual will not be outdated and incomplete.
tb [Fri, 21 Jul 2023 04:29:27 +0000 (04:29 +0000)]
Document ENGINE_{get,set}_EC
ENGINE_{get,set}_{ECDH,ECDSA} will go away and won't come back. Replace
their documentation with the missing ENGINE_{get,set}_EC. In the unlikely
event that we will need to bring back ENGINE after the next bump, this
manual will not be outdated and incomplete.
guenther [Fri, 21 Jul 2023 04:04:51 +0000 (04:04 +0000)]
Rename ARCH_CAPABILITIES_* #defined to ARCH_CAP_*
Provide more ARCH_CAP_* defines per June 2023 SDM
ok jsg@ deraadt@
jcs [Fri, 21 Jul 2023 02:19:49 +0000 (02:19 +0000)]
add missing newline on successful attachment, spotted by bmercer
remove duplicate prefixes on unsuccessful attachment, wrap at 80,
other minor nits
kettenis [Thu, 20 Jul 2023 20:40:44 +0000 (20:40 +0000)]
Remove unused function prototype.
kettenis [Thu, 20 Jul 2023 20:32:11 +0000 (20:32 +0000)]
Make sure -msign-return-address doesn't disable BTI support.
ok deraadt@
espie [Thu, 20 Jul 2023 17:56:37 +0000 (17:56 +0000)]
fix esoteric error message in case PackageName parses stuff to a bogus
fullpkgname, as seen by Matthias Schmidt
tb [Thu, 20 Jul 2023 17:27:54 +0000 (17:27 +0000)]
Remove a few workarounds that are no longer necessary
tb [Thu, 20 Jul 2023 16:36:06 +0000 (16:36 +0000)]
Remove some ancient cruft that hasn't been used in ages
discussed with jsing
tb [Thu, 20 Jul 2023 16:28:03 +0000 (16:28 +0000)]
sync
tb [Thu, 20 Jul 2023 16:26:40 +0000 (16:26 +0000)]
Move get_rfc3526_prime_8192.3 to BN_get_rfc3526_prime_8192.3
This way we will have a manual corresponding to an existing function after
the next bump.
tb [Thu, 20 Jul 2023 15:08:12 +0000 (15:08 +0000)]
Remove unnecessary inclusion of dso.h
tb [Thu, 20 Jul 2023 15:05:30 +0000 (15:05 +0000)]
Remove last internal consumer of DSO
It is currently possible to extend libcrypto by having it load a shared
object via dlopen() either from a config file on library initialization
or when an application calls the relevant API. Recent and not so recent
events showed how dangerous an idea dlopen() is. Independently of such
concerns, this should not be handled in the characteristically convoluted
way of this toolkit. DSO will go away in the upcoming bump. This commit
clears the road for a plain cvs rm of the dso code.
ok jsing
tb [Thu, 20 Jul 2023 14:17:13 +0000 (14:17 +0000)]
eng_aesni.c: add evp_local.h so it compiles again.
claudio [Thu, 20 Jul 2023 11:10:03 +0000 (11:10 +0000)]
Use sizeof(destination) not sizeof(source) in strlcpy() calls.
OK tb@
claudio [Thu, 20 Jul 2023 09:43:00 +0000 (09:43 +0000)]
Revert rev 1.129:
When detaching devices when we suspend, we need to continue processing
command completion events. So only return early in xhci_softintr() if
the controller is dead instead of dying. This fixes USB suspend/resume
in Apple M1/M2.
ok mlarkin@, deraadt@
-----
The change does not only allow completion events to be processed but also
events that get processed by the drivers attached to this usb bus. As a
result I see a uvm panic on suspend in urtwn(4) which is triggered by a
bad rx eof.
OK kettenis@
tb [Thu, 20 Jul 2023 09:38:45 +0000 (09:38 +0000)]
Remove get_rfc*_prime_* documentation
Their BN_get_rfc*_prime_* aliases from the OpenSSL 1.1 API will remain.
Perhaps the manual should be moved to BN_get_rfc3526_prime_8192.3; that
can be done in a second step.
tb [Thu, 20 Jul 2023 09:28:30 +0000 (09:28 +0000)]
Remove ECDSA_{do_,}sign_ex() and ECDSA_sign_setup()
These very poorly designed interfaces will go away, so stop documenting
them.
jsg [Thu, 20 Jul 2023 09:07:39 +0000 (09:07 +0000)]
drm/i915/tc: Fix system resume MST mode restore for DP-alt sinks
From Imre Deak
1bdcffaa0d2c1dd0510d1b364c409e1c8fc96aa3 in linux-6.1.y/6.1.39
06f66261a1567d66b9d35c87393b6edfbea4c8f8 in mainline linux
jsg [Thu, 20 Jul 2023 09:04:59 +0000 (09:04 +0000)]
drm/i915/tc: Fix TC port link ref init for DP MST during HW readout
From Imre Deak
99025116f5c685d5af32ffd8552c47360d3adcb0 in linux-6.1.y/6.1.39
67165722c27cc46de112a4e10b450170c8980a6f in mainline linux
jsg [Thu, 20 Jul 2023 09:03:18 +0000 (09:03 +0000)]
drm/i915: Fix TypeC mode initialization during system resume
From Imre Deak
eaa0043a85795fd4ab10285750cabdf5c2abc8cd in linux-6.1.y/6.1.39
a82796a2e332d108b2d3aff38509caad370f69b5 in mainline linux
jsg [Thu, 20 Jul 2023 09:00:58 +0000 (09:00 +0000)]
drm/amd: Don't try to enable secure display TA multiple times
From Mario Limonciello
4033b47642c7e2956bb556f2dd953b5e9e47d927 in linux-6.1.y/6.1.39
5c6d52ff4b61e5267b25be714eb5a9ba2a338199 in mainline linux
jsg [Thu, 20 Jul 2023 08:59:21 +0000 (08:59 +0000)]
drm/amdgpu: fix number of fence calculations
From Christian Koenig
0d4e60e23c7d6a54f80e1b8ceec9a8c3df736dad in linux-6.1.y/6.1.39
570b295248b00c3cf4cf59e397de5cb2361e10c2 in mainline linux
jsg [Thu, 20 Jul 2023 08:56:48 +0000 (08:56 +0000)]
drm/i915/guc/slpc: Apply min softlimit correctly
From Vinay Belgaumkar
dcb526d768359095a438336f3aca5e8d98b7d2e6 in linux-6.1.y/6.1.39
3e49de73fb89272dea01ba420c7ccbcf6b96aed7 in mainline linux
jsg [Thu, 20 Jul 2023 08:55:08 +0000 (08:55 +0000)]
drm/i915/psr: Use hw.adjusted mode when calculating io/fast wake times
From Jouni Hogander
61070305d5207742027d2e46a0d72f81959125b8 in linux-6.1.y/6.1.39
5311892a0ad1d301aafd53ca0154091b3eb407ea in mainline linux
jsg [Thu, 20 Jul 2023 08:51:39 +0000 (08:51 +0000)]
Revert "drm/amd/display: edp do not add non-edid timings"
From Hersen Wu
b91748bdbfb10673bc128179eb71cf66cb9641c4 in linux-6.1.y/6.1.39
d6149086b45e150c170beaa4546495fd1880724c in mainline linux
jsg [Thu, 20 Jul 2023 08:49:41 +0000 (08:49 +0000)]
drm/amdgpu: Fix usage of UMC fill record in RAS
From Luben Tuikov
0e2c51a16fcb9e69923906bdaecdbbe1ea4fb8e9 in linux-6.1.y/6.1.39
71344a718a9fda8c551cdc4381d354f9a9907f6f in mainline linux
jsg [Thu, 20 Jul 2023 08:47:27 +0000 (08:47 +0000)]
drm/amdgpu: Fix memcpy() in sienna_cichlid_append_powerplay_table function.
From Srinivasan Shanmugam
8d68ba92554b79a93f52bea0cf778eb7821c9901 in linux-6.1.y/6.1.39
d50dc746ff72b9c48812dac3344fa87fbde940a3 in mainline linux
jsg [Thu, 20 Jul 2023 08:45:36 +0000 (08:45 +0000)]
amdgpu: validate offset_in_bo of drm_amdgpu_gem_va
From Chia-I Wu
b10db1d2137415e5e7f9706d96cfe77539c499d4 in linux-6.1.y/6.1.39
9f0bcf49e9895cb005d78b33a5eebfa11711b425 in mainline linux
jsg [Thu, 20 Jul 2023 08:43:49 +0000 (08:43 +0000)]
drm/radeon: fix possible division-by-zero errors
From Nikita Zhandarovich
1420545b8a155416b8bc2bb86a7709e9ca0c620c in linux-6.1.y/6.1.39
1becc57cd1a905e2aa0e1eca60d2a37744525c4a in mainline linux
jsg [Thu, 20 Jul 2023 08:42:20 +0000 (08:42 +0000)]
drm/amd/display: Fix artifacting on eDP panels when engaging freesync video mode
From Aurabindo Pillai
c1164aeb9691817d23c8e8ed886c91ea1bdca76e in linux-6.1.y/6.1.39
b18f05a0666aecd5cb19c26a8305bcfa4e9d6502 in mainline linux
jsg [Thu, 20 Jul 2023 08:40:29 +0000 (08:40 +0000)]
drm/amdkfd: Fix potential deallocation of previously deallocated memory.
From Daniil Dulov
fabadad9e28dabecf25ad3c947aa8ba5f2b0eecf in linux-6.1.y/6.1.39
cabbdea1f1861098991768d7bbf5a49ed1608213 in mainline linux
jsg [Thu, 20 Jul 2023 08:39:02 +0000 (08:39 +0000)]
drm/amd/display: Fix a test dml32_rq_dlg_get_rq_reg()
From Christophe JAILLET
384717042de89dfd99087d2a54aad72620ac7fcb in linux-6.1.y/6.1.39
bafc31166aa7df5fa26ae0ad8196d1717e6cdea9 in mainline linux
jsg [Thu, 20 Jul 2023 08:37:42 +0000 (08:37 +0000)]
drm/amd/display: Fix a test CalculatePrefetchSchedule()
From Christophe JAILLET
36786e2a733143426dd7628e939735465425fbb1 in linux-6.1.y/6.1.39
960e27a5741cd3001996ff6ddfb3eb0ed3a4909d in mainline linux
jsg [Thu, 20 Jul 2023 08:36:00 +0000 (08:36 +0000)]
drm/bridge: Introduce pre_enable_prev_first to alter bridge init order
From Dave Stevenson
5044e5f2511c9afdf9880d2bb6b9d37dfc345dac in linux-6.1.y/6.1.39
4fb912e5e19075874379cfcf074d90bd51ebf8ea in mainline linux
jsg [Thu, 20 Jul 2023 08:33:02 +0000 (08:33 +0000)]
drm: Add fixed-point helper to get rounded integer values
From Maira Canal
048b7168acf85cb856b0db1d0483584cfff3498f in linux-6.1.y/6.1.39
8b25320887d7feac98875546ea0f521628b745bb in mainline linux
jsg [Thu, 20 Jul 2023 08:23:21 +0000 (08:23 +0000)]
drm/amd/display: Explicitly specify update type per plane info change
From Nicholas Kazlauskas
9fbe61e3c245fd16d86b2383499458a229c0cd22 in linux-6.1.y/6.1.39
710cc1e7cd461446a9325c9bd1e9a54daa462952 in mainline linux
jsg [Thu, 20 Jul 2023 08:21:29 +0000 (08:21 +0000)]
radeon: avoid double free in ci_dpm_init()
From Nikita Zhandarovich
cb86b0e3d9d38ba351dd10caef483529653dd481 in linux-6.1.y/6.1.39
20c3dffdccbd494e0dd631d1660aeecbff6775f2 in mainline linux
jsg [Thu, 20 Jul 2023 08:19:19 +0000 (08:19 +0000)]
drm/amd/display: Add logging for display MALL refresh setting
From Wesley Chalmers
064e33b3591ee43f07776ce64f8a027e8a96f60f in linux-6.1.y/6.1.39
cd8f067a46d34dee3188da184912ae3d64d98444 in mainline linux
jsg [Thu, 20 Jul 2023 08:16:21 +0000 (08:16 +0000)]
drm: use mgr->dev in drm_dbg_kms in drm_dp_add_payload_part2
From Jeff Layton
9f12effd40d7a3bc92cc4961f1cab1459c3dc520 in linux-6.1.y/6.1.39
54d217406afe250d7a768783baaa79a035f21d38 in mainline linux
tb [Thu, 20 Jul 2023 06:26:27 +0000 (06:26 +0000)]
Cap the size of numbers we check for primality
We refuse to generate RSA keys larger than 16k and DH keys larger than 10k.
Primality checking with adversarial input is a DoS vector, so simply don't
do this. Introduce a cap of 32k for numbers we try to test for primality,
which should be more than large enough for use withing a non-toolkit crypto
library. This is one way of mitigating the DH_check()/EVP_PKEY_param_check()
issue.
ok jsing miod
jmc [Thu, 20 Jul 2023 05:43:39 +0000 (05:43 +0000)]
tweak the allow-remote-pkcs11 text;
claudio [Thu, 20 Jul 2023 05:18:31 +0000 (05:18 +0000)]
Do not set O_EXCL on open() when a published file is on the withdraw list.
If during the process of applying RRDP deltas a object is published then
withdrawn and later published again the current code fails. This is because
published elements use O_EXCL in open() but in the case above the previous
file is still around since withdraws are delayed.
Problem noticed by job@
OK tb@
yasuoka [Thu, 20 Jul 2023 02:26:24 +0000 (02:26 +0000)]
Assign wsdisplay0 to the glass console always. The same change is
done for GENERIC already.
ok kettenis kn
job [Wed, 19 Jul 2023 21:53:45 +0000 (21:53 +0000)]
Add extra ASPA regress object
kettenis [Wed, 19 Jul 2023 21:52:55 +0000 (21:52 +0000)]
Reset sc->sc_early to 0 to make sure the framebuffer attaches.
Fixes my previous commit.
ok drahn@
job [Wed, 19 Jul 2023 21:49:30 +0000 (21:49 +0000)]
Rename ASPA providers field in filemode
fine with me @tb
millert [Wed, 19 Jul 2023 21:26:02 +0000 (21:26 +0000)]
Fix skipping of white space after the username in /etc/crontab.
Only a single white space character was consumed, we should be
consuming all white space between fields. This change makes things
consistent with how lines without a username are parsed.
OK deraadt@ sthen@
tb [Wed, 19 Jul 2023 21:01:29 +0000 (21:01 +0000)]
Don't rely on the libssl headers pulling in stdio.h somehow
kettenis [Wed, 19 Jul 2023 20:27:20 +0000 (20:27 +0000)]
Use "early 2" to attach aplpngr(4) to make sure it attaches before other
core drivers that need to enable power domains.
ok drahn@, deraadt@
kettenis [Wed, 19 Jul 2023 20:26:11 +0000 (20:26 +0000)]
Implement "early 2" locator for mainbus(4) and simplebus(4) to make
drivers attach even earlier.
ok drahn@, deraadt@
jan [Wed, 19 Jul 2023 20:22:05 +0000 (20:22 +0000)]
Protect ixl(4) admin queue with mutex(9).
with tweaks from bluhm
tested by bluhm
ok bluhm@
joshua [Wed, 19 Jul 2023 15:11:42 +0000 (15:11 +0000)]
Add missing commas to test vectors
ok tb@
joshua [Wed, 19 Jul 2023 15:06:57 +0000 (15:06 +0000)]
Add test coverage for SHA3
ok tb@
djm [Wed, 19 Jul 2023 14:03:45 +0000 (14:03 +0000)]
Separate ssh-pkcs11-helpers for each p11 module
Make ssh-pkcs11-client start an independent helper for each provider,
providing better isolation between modules and reliability if a single
module misbehaves.
This also implements reference counting of PKCS#11-hosted keys,
allowing ssh-pkcs11-helper subprocesses to be automatically reaped
when no remaining keys reference them. This fixes some bugs we have
that make PKCS11 keys unusable after they have been deleted, e.g.
https://bugzilla.mindrot.org/show_bug.cgi?id=3125
ok markus@
djm [Wed, 19 Jul 2023 14:02:27 +0000 (14:02 +0000)]
Ensure FIDO/PKCS11 libraries contain expected symbols
This checks via nlist(3) that candidate provider libraries contain one
of the symbols that we will require prior to dlopen(), which can cause
a number of side effects, including execution of constructors.
Feedback deraadt; ok markus
djm [Wed, 19 Jul 2023 13:56:33 +0000 (13:56 +0000)]
Disallow remote addition of FIDO/PKCS11 provider libraries to
ssh-agent by default.
The old behaviour of allowing remote clients from loading providers
can be restored using `ssh-agent -O allow-remote-pkcs11`.
Detection of local/remote clients requires a ssh(1) that supports
the `session-bind@openssh.com` extension. Forwarding access to a
ssh-agent socket using non-OpenSSH tools may circumvent this control.
ok markus@
djm [Wed, 19 Jul 2023 13:55:53 +0000 (13:55 +0000)]
terminate process if requested to load a PKCS#11 provider that
isn't a PKCS#11 provider; from / ok markus@
tb [Wed, 19 Jul 2023 13:34:33 +0000 (13:34 +0000)]
Fix two aliases in libcrypto spotted by the new symbols test
ok jsing
tb [Wed, 19 Jul 2023 13:26:20 +0000 (13:26 +0000)]
Partially fix interactive mode in patch
If ask() can't open /dev/tty for reading, it assumes the default answer
and carries on. Add missing unveil, so that ask() waits for an answer.
This isn't a full fix since it won't allow giving paths outside the tree
rooted at the current directory, but that's expected by the recent change.
Questions are only asked outside of force or batch mode.
fix suggested by op and semarie
ok deraadt florian
nicm [Wed, 19 Jul 2023 13:03:36 +0000 (13:03 +0000)]
Correct visited flag when the last window list is rebuilt by renumbering
windows, appears to fix hang reported by Mark Kelly.
anton [Wed, 19 Jul 2023 05:56:42 +0000 (05:56 +0000)]
Cope with LRO for TCP being enabled per default by now.
bluhm [Tue, 18 Jul 2023 16:01:20 +0000 (16:01 +0000)]
Enable LRO for TCP per default in the network drivers.
Large Receive Offload allows to receive aggregated packets larger
than the MTU. Receiving TCP streams becomes much faster. As the
network hardware is not aware whether a packet is received locally
or to be forwarded, everything is aggregated. In case of forwarding
it is split on output to packets not larger than the original
packets. So path MTU discovery should still work. If the outgoing
interface supports TSO, the packet is chopped in hardware by TCP
Segmentation Offload.
Currently only ix(4) and lo(4) devices support LRO, and ix(4) is
limited to IPv4 and hardware newer than the old 82598 model. If
the interface is added to a tpmr(4), bridge(4) or veb(4), LRO is
automatically disabled. All ix(4) devices support outgoing TSO for
IPv4 and IPv6. Enabling LRO on lo(4) automatically enables TSO and
TCP packets larger than the MTU pass the loopback interface.
LRO can be turned off per interface with ifconfig -tcplro.
OK jan@
claudio [Tue, 18 Jul 2023 15:07:41 +0000 (15:07 +0000)]
Kill ibuf_cat() since there is now ibuf_add_buf() in the official API.
OK tb@ tobhe@
claudio [Tue, 18 Jul 2023 13:06:33 +0000 (13:06 +0000)]
Do not duplicate prototypes of log.h in ypldap.h (without the extra
__format__ attribute on top).
Also properly ignore SIGHUP in the child processes.
OK jmatthew@
claudio [Tue, 18 Jul 2023 06:58:59 +0000 (06:58 +0000)]
With the update of the sleep API the linux emulation of their wait API,
schedule() and set_current_state() can be implemented in a much less
hacky way. This should remove some possible race conditions in the wait API.
Tested by many (kettenis, jsg, phessler, thfr)
OK kettenis@
asou [Tue, 18 Jul 2023 04:17:17 +0000 (04:17 +0000)]
Remove extra parentheses.
ok guenther@
kettenis [Mon, 17 Jul 2023 17:50:22 +0000 (17:50 +0000)]
Put the USB Type-C power delivery controller into the "S5" state during
suspend. This removes VBUS, avoiding USB devices that are plugged in
from consuming power during suspend.
ok mlarkin@, tobhe@, deraadt@
semarie [Mon, 17 Jul 2023 09:41:20 +0000 (09:41 +0000)]
vfs: drop several macros hidding eopnotsupp
make it obvious in the vfsops assignment that an op isnt supported.
from thib4711 at mailbox dot org
ok claudio@
djm [Mon, 17 Jul 2023 06:16:33 +0000 (06:16 +0000)]
missing match localnetwork negation check
jmc [Mon, 17 Jul 2023 05:41:53 +0000 (05:41 +0000)]
- add -P to usage()
- sync the arg name to -J in usage() with that in ssh.1
- reformat usage() to match what "man ssh" does on 80width
jmc [Mon, 17 Jul 2023 05:38:10 +0000 (05:38 +0000)]
-P before -p in SYNOPSIS;
jsg [Mon, 17 Jul 2023 05:36:14 +0000 (05:36 +0000)]
configuation -> configuration
djm [Mon, 17 Jul 2023 05:26:38 +0000 (05:26 +0000)]
move other RCSIDs to before their respective license blocks too
no code change
djm [Mon, 17 Jul 2023 05:22:30 +0000 (05:22 +0000)]
Move RCSID to before license block and away from #includes, where
it caused merge conflict in -portable for each commit :(
djm [Mon, 17 Jul 2023 05:20:15 +0000 (05:20 +0000)]
return SSH_ERR_KRL_BAD_MAGIC when a KRL doesn't contain a valid
magic number and not SSH_ERR_MESSAGE_INCOMPLETE; the former is
needed to fall back to text revocation lists in some cases;
fixes t-cert-hostkey.
djm [Mon, 17 Jul 2023 04:08:31 +0000 (04:08 +0000)]
Add support for configuration tags to ssh(1).
This adds a ssh_config(5) "Tag" directive and corresponding
"Match tag" predicate that may be used to select blocks of
configuration similar to the pf.conf(5) keywords of the same
name.
ok markus
djm [Mon, 17 Jul 2023 04:04:36 +0000 (04:04 +0000)]
add a "match localnetwork" predicate.
This allows matching on the addresses of available network interfaces
and may be used to vary the effective client configuration based on
network location (e.g. to use a ProxyJump when not on a particular
network).
ok markus@
djm [Mon, 17 Jul 2023 04:01:10 +0000 (04:01 +0000)]
remove vestigal support for KRL signatures
When the KRL format was originally defined, it included support for
signing of KRL objects. However, the code to sign KRLs and verify KRL
signatues was never completed in OpenSSH.
Now, some years later, we have SSHSIG support in ssh-keygen that is
more general, well tested and actually works. So this removes the
semi-finished KRL signing/verification support from OpenSSH and
refactors the remaining code to realise the benefit - primarily, we
no longer need to perform multiple parsing passes over KRL objects.
ok markus@
djm [Mon, 17 Jul 2023 03:57:21 +0000 (03:57 +0000)]
Support for KRL extensions.
This defines wire formats for optional KRL extensions and implements
parsing of the new submessages. No actual extensions are supported at
this point.
ok markus
kettenis [Sun, 16 Jul 2023 16:13:46 +0000 (16:13 +0000)]
Remove debug printfs that print the number of wakeups seen by the
individual CPUs. Ever since we switched from WFE to WFE in the suspend
loops the information hasn't been very useful anymore. And there is some
evidence that a printf here causes problems with syslog (e.g. running
xconsole under X).
ok deraadt@
kettenis [Sun, 16 Jul 2023 16:11:11 +0000 (16:11 +0000)]
Read out the system power consumption immediately after wakeup and print
it out in the DVACT_WAKEUP phase. This is a debugging aid to help us
drive down the power consumption in suspend.
ok deraadt@
claudio [Sun, 16 Jul 2023 15:21:46 +0000 (15:21 +0000)]
Merge ibuf_get() with ibuf_getdata() and rename it to ibuf_getdata().
Also replace a ibuf_reserve() call with ibuf_add_zero() and
remove a buf->buf == NULL check in ibuf_length() since it is not necessary.
OK tobhe@ tb@
kettenis [Sun, 16 Jul 2023 09:33:18 +0000 (09:33 +0000)]
When detaching devices when we suspend, we need to continue processing
command completion events. So only return early in xhci_softintr() if
the controller is dead instead of dying. This fixes USB suspend/resume
in Apple M1/M2.
ok mlarkin@, deraadt@
tb [Sun, 16 Jul 2023 09:23:33 +0000 (09:23 +0000)]
relayd: remove ENGINE dependency
What is achieved here through ENGINE can be done in a much simpler way
by setting the default RSA implementation. Drop a number of indirections
that only add a bit of logging. This removes a lot of boiler plate and
shows where the actual magic happens more clearly.
ok op tobhe
tb [Sun, 16 Jul 2023 08:25:41 +0000 (08:25 +0000)]
ecc_cdh: plug leak of peer public key
tb [Sun, 16 Jul 2023 07:34:07 +0000 (07:34 +0000)]
ecdhtest: Drop unnecessary constant and unneeded includes
anton [Sun, 16 Jul 2023 06:36:18 +0000 (06:36 +0000)]
Make remaining unstable tests fail consistently by adjusting the
modification time of the problematic file(s), causing the check_file()
routine to always hit the "file exists and is possible match" case.
While here, sync expected failures with reality.
yasuoka [Sun, 16 Jul 2023 03:01:31 +0000 (03:01 +0000)]
Make the mbstat preserve the same size which is actually used. Also
revert the previous that the mbstat is located on the stack.
ok claudio
tb [Sun, 16 Jul 2023 00:16:42 +0000 (00:16 +0000)]
ecdhtest: fix a couple bugs plus some cosmetic tweaks
projects / openbsd / log