visa [Wed, 15 Dec 2021 15:30:47 +0000 (15:30 +0000)]
Adjust pty and tty event filters
* Implement EVFILT_EXCEPT for ttys for HUP condition detection.
This filter is used when pollfd.events has no read/write events.
* Add HUP condition detection to filt_ptcwrite() and filt_ttywrite()
to reflect ptcpoll() and ttpoll(). Only poll(2) and select(2) can
utilize the code; kevent(2) should behave as before with EVFILT_WRITE.
* Clear EV_EOF and __EV_HUP if the EOF/HUP condition ends.
OK mpi@
schwarze [Wed, 15 Dec 2021 15:29:23 +0000 (15:29 +0000)]
Document i2c_ASN1_INTEGER(3).
While it was probably a mistake that steve@ made some i2c_*() and c2i_*()
functions public back in 2000 and while we would like to delete them from
the API, it may not be possible to delete this particular function because
in contrast to the others (which are already marked as intentionally
undocumented), this one is used by various real-world software, so for now,
explain what it does, just in case people find it in existing code.
While here, use the familiar term "byte" that we generally use
throughout all our manual pages, even though the ASN.1 standard
uses the term "octet" instead, which is more precise only in theory.
mpi [Wed, 15 Dec 2021 12:53:53 +0000 (12:53 +0000)]
Use a per-UVM object lock to serialize the lower part of the fault handler.
Like the per-amap lock the `vmobjlock' is principally used to serialized
access to objects in the fault handler to allow faults occurring on
different CPUs and different objects to be processed in parallel.
The fault handler now acquires the `vmobjlock' of a given UVM object as
soon as it finds one. For now a write-lock is always acquired even if
some operations could use a read-lock.
Every pager, corresponding to a different kind of UVM object, now expect
the UVM object to be locked and some operations, like *_get() return it
unlocked. This is enforced by assertions checking for rw_write_held().
The KERNEL_LOCK() is now pushed to the VFS boundary in the vnode pager.
To ensure the correct amap or object lock is held when modifying a page
many uvm_page* operations are now asserting for the "owner" lock.
However, fields of the "struct vm_page" are still being protected by the
global `pageqlock'. To prevent lock ordering issues with the new
`vmobjlock' and to reduce differences with NetBSD this lock is now taken
and released for each page instead of around the whole loop.
This commit does not remove the KERNEL_LOCK/UNLOCK() dance. Unlocking
will follow if there is no fallout.
Ported from NetBSD, tested by many, thanks!
ok kettenis@, kn@
jmatthew [Wed, 15 Dec 2021 11:36:40 +0000 (11:36 +0000)]
ldapd always uses O_CREAT when reopening database files, so the database
directory must be unveiled with "rwc" rather than just "rw".
ok deraadt@ mestre@
mestre [Wed, 15 Dec 2021 11:23:09 +0000 (11:23 +0000)]
restrict filesystem access with unveil(2).
this one opens the default table file "/usr/share/misc/usb_hid_usages" through
hid_start(3) from libusbhid, then `dev' (will be the fd used on the ioctls)
and finally `conf' which is the file with the actions to be monitored. `conf'
needs to be unveil(2)ed with read perms since usbhidaction(1) can run as daemon
and this file will be re-read if a SIGHUP is catched.
looks good deraadt@
mestre [Wed, 15 Dec 2021 11:21:35 +0000 (11:21 +0000)]
restrict all filesystem access with unveil(2).
hid_start(3) opens `table' through libusbhid, then usbhidctl(1) itself opens
`dev', after that it's just performing ioctls on the fd left opened by the
latter so all fs access can be disabled.
ratchov [Wed, 15 Dec 2021 08:30:34 +0000 (08:30 +0000)]
Bump pkg-config version to 1.8.1
deraadt [Wed, 15 Dec 2021 04:01:52 +0000 (04:01 +0000)]
getcwd() operates on buffers of PATH_MAX including the NUL, and the +1
is not unneccesary. Different buffer sizes are actually dangerous, though
major problems are strangely rare.
ok millert
deraadt [Wed, 15 Dec 2021 04:00:15 +0000 (04:00 +0000)]
PATH_MAX+1 rarely makes sense, and abort if this happens in the imsg.
ok jmatthew millert
deraadt [Wed, 15 Dec 2021 00:37:21 +0000 (00:37 +0000)]
typo in previous
dtucker [Tue, 14 Dec 2021 23:47:36 +0000 (23:47 +0000)]
Correct value for IPTOS_DSCP_LE since it needs to allow for the preceeding
two ECN bits. From daisuke.higashi at gmail.com via OpenSSH bz#3373,
ok claudio@, job@, djm@.
deraadt [Tue, 14 Dec 2021 21:25:27 +0000 (21:25 +0000)]
sys/param.h cleanup, mostly using MINIMUM() and <limits.h>
ok dtucker
deraadt [Tue, 14 Dec 2021 20:52:47 +0000 (20:52 +0000)]
sync
tb [Tue, 14 Dec 2021 20:37:24 +0000 (20:37 +0000)]
tweak for the generated source
schwarze [Tue, 14 Dec 2021 20:21:45 +0000 (20:21 +0000)]
more symbols that are postponed or intentionally undocumented and
some regexp tweaks; the relevant parts of asn1.h are nearing completion
schwarze [Tue, 14 Dec 2021 20:14:22 +0000 (20:14 +0000)]
forgotten .Dv macros in -column lists
schwarze [Tue, 14 Dec 2021 19:36:18 +0000 (19:36 +0000)]
add roff(7) comments listing some M_ASN1_* aliases
that are intentionally undocumented
deraadt [Tue, 14 Dec 2021 18:16:14 +0000 (18:16 +0000)]
delete incorrect comment about sys/cdefs.h
bluhm [Tue, 14 Dec 2021 17:50:37 +0000 (17:50 +0000)]
To cache lookups, the policy ipo is linked to its SA tdb. There
is also a list of SAs that belong to a policy. To make it MP safe,
protect these pointers with a mutex.
tested by Hrvoje Popovski; OK mvs@
jsing [Tue, 14 Dec 2021 17:35:21 +0000 (17:35 +0000)]
Consolidate ASN.1 universal tag type data.
There are currently three different tables in three different files that
contain information about ASN.1 universal class tag types. Range checking
is also implemented in three different places (with different
implementations).
Consolidate all of this into a single table, provide a lookup function that
deals with the range checks and wrappers to deal with specific types.
ok inoguchi@ tb@
jsing [Tue, 14 Dec 2021 17:10:02 +0000 (17:10 +0000)]
Add regress coverage for ASN1_get_object()
jsing [Tue, 14 Dec 2021 17:07:57 +0000 (17:07 +0000)]
Add regress for ASN1_tag2bit() and ASN1_tag2str()
mvs [Tue, 14 Dec 2021 16:12:48 +0000 (16:12 +0000)]
Add new 'unsopassgc' test. This test tries to beak unix(4) sockets garbage
collector and make it to clean `so_rcv' buffer of alive socket. Successful
breakage should produce kernel panic.
ok bluhm@ mpi@
mvs [Tue, 14 Dec 2021 15:57:57 +0000 (15:57 +0000)]
Move 'unixsock' test from regress/sys/kern/unixsock/ to
regress/sys/kern/unixsockets/.
ok claudio@
visa [Tue, 14 Dec 2021 15:53:42 +0000 (15:53 +0000)]
Remember to clear __EV_HUP when the other end of the FIFO has re-opened.
schwarze [Tue, 14 Dec 2021 15:46:48 +0000 (15:46 +0000)]
document the very quirky behaviour of the SMIME_OLDMIME flag
visa [Tue, 14 Dec 2021 15:32:20 +0000 (15:32 +0000)]
Cover all state checks and updates with spltty() in filt_ttyread().
schwarze [Tue, 14 Dec 2021 15:22:49 +0000 (15:22 +0000)]
new manual page SMIME_text(3)
schwarze [Tue, 14 Dec 2021 14:30:50 +0000 (14:30 +0000)]
new manual page SMIME_read_ASN1(3)
using parts of the text from SMIME_read_CMS(3) and SMIME_read_PKCS7(3)
tobhe [Tue, 14 Dec 2021 13:44:36 +0000 (13:44 +0000)]
Move raw pubkey bytes to EVP_PKEY conversion to common function.
ok markus@
jsg [Tue, 14 Dec 2021 13:32:09 +0000 (13:32 +0000)]
drm/syncobj: Deal with signalled fences in drm_syncobj_find_fence.
From Bas Nieuwenhuizen
2737d0bc21b6db199b4145e12b9f1745577d7944 in linux 5.10.y/5.10.85
b19926d4f3a660a8b76e5d989ffd1168e619a5c4 in mainline linux
jsg [Tue, 14 Dec 2021 13:29:50 +0000 (13:29 +0000)]
drm/amdkfd: fix boot failure when iommu is disabled in Picasso.
From Yifan Zhang
f3d9114ac99f4358809f44b390b304b8b53fb4a4 in linux 5.10.y/5.10.85
afd18180c07026f94a80ff024acef5f4159084a4 in mainline linux
jsg [Tue, 14 Dec 2021 13:28:06 +0000 (13:28 +0000)]
drm/amdgpu: init iommu after amdkfd device init
From Yifan Zhang
7508a9aa65b959bbc6d9e42c9683520bddb7db0d in linux 5.10.y/5.10.85
714d9e4574d54596973ee3b0624ee4a16264d700 in mainline linux
jsg [Tue, 14 Dec 2021 13:25:51 +0000 (13:25 +0000)]
drm/amdgpu: move iommu_resume before ip init/resume
From James Zhu
ac9db04ee32f007e48cb0763784ccfadd5a21342 in linux 5.10.y/5.10.85
f02abeb0779700c308e661a412451b38962b8a0b in mainline linux
jsg [Tue, 14 Dec 2021 13:24:12 +0000 (13:24 +0000)]
drm/amdgpu: add amdgpu_amdkfd_resume_iommu
From James Zhu
fe9dca7dda61f8f3b3000df2abe88c60d1bfab93 in linux 5.10.y/5.10.85
8066008482e533e91934bee49765bf8b4a7c40db in mainline linux
jsg [Tue, 14 Dec 2021 13:22:32 +0000 (13:22 +0000)]
drm/amdkfd: separate kfd_iommu_resume from kfd_resume
From James Zhu
5d191b0976b72af5f79cf217b9b7c2f20b522a2a in linux 5.10.y/5.10.85
fefc01f042f44ede373ee66773b8238dd8fdcb55 in mainline linux
jsg [Tue, 14 Dec 2021 13:20:09 +0000 (13:20 +0000)]
drm/amd/amdkfd: adjust dummy functions' placement
From Lang Yu
46dcf66d6e7a64febe0575c62679287679dcb2b3 in linux 5.10.y/5.10.85
cd63989e0e6aa2eb66b461f2bae769e2550e47ac in mainline linux
jsg [Tue, 14 Dec 2021 12:48:15 +0000 (12:48 +0000)]
use bus_space_read_region_1() when reading bios from pci rom
Avoids 'BIOS signature incorrect 0 0' warning seen on sparc64
(where pci is mapped little endian) reported by Ted Bullock.
bluhm [Tue, 14 Dec 2021 12:37:49 +0000 (12:37 +0000)]
IO::Socket::IP non-blocking connect works a bit differently than
IO::Socket::INET6. Tweak the non-blocking for connect in the
sosplice scapy test.
kettenis [Tue, 14 Dec 2021 11:05:37 +0000 (11:05 +0000)]
Use "rng-seed" and "kaslr-seed" properties from the device tree to mix in
some extra entropy.
ok deraadt@
kettenis [Tue, 14 Dec 2021 11:01:58 +0000 (11:01 +0000)]
Don't overwrite the Raspberry Pi config.txt if it already exists.
ok sthen@, jsg@, deraadt@
patrick [Tue, 14 Dec 2021 10:48:10 +0000 (10:48 +0000)]
Implement support for selecting SGMII or SerDes mode depending on the
plugged-in SFP transceiver and for reading out transceiver information
via ifconfig(8). To read from the SFP, we need to let the card issue
I2C transfers. Additionally we need I2C to read/write to the PHY when
MDIO is not available. Depending on the SFP's supported media types
we can decide which mode to use.
This fixes hardware-initialization and link-up problems with some em(4)
Fiber NIC and SFP combinations.
Tested by dlg@ and been in snaps for quite a while
ok dlg@ jmatthew@
deraadt [Tue, 14 Dec 2021 07:20:16 +0000 (07:20 +0000)]
A better approach is to defined __CONCAT locally
deraadt [Tue, 14 Dec 2021 06:28:13 +0000 (06:28 +0000)]
sys/signal.h before sys/proc.h
deraadt [Tue, 14 Dec 2021 06:27:48 +0000 (06:27 +0000)]
MINIMUM() because of no sys/param.h
anton [Tue, 14 Dec 2021 06:26:15 +0000 (06:26 +0000)]
add missing sys/time.h include
deraadt [Tue, 14 Dec 2021 02:17:39 +0000 (02:17 +0000)]
Sigh. This sys/cdefs.h is hiding use of __CONCAT in a non-C context.
Needs some other repairs first.
chrisz [Mon, 13 Dec 2021 20:59:23 +0000 (20:59 +0000)]
add pclk clock used by dwdog(4) on RK3399
ok kettenis@
tb [Mon, 13 Dec 2021 19:47:40 +0000 (19:47 +0000)]
Fix asprintf() error check. Portable code should check the return
value for -1, not buf == NULL.
ok tobhe
tb [Mon, 13 Dec 2021 19:46:22 +0000 (19:46 +0000)]
Fix a few leaks due to X509_NAME_oneline(name, NULL, 0) dynamically
allocating a buffer.
ok tobhe
schwarze [Mon, 13 Dec 2021 18:55:22 +0000 (18:55 +0000)]
new manual page PEM_write_bio_ASN1_stream(3);
certainly not perfect, but arguably better than the even terser
PEM_write_bio_CMS_stream(3) and PEM_write_bio_PKCS7_stream(3)
deraadt [Mon, 13 Dec 2021 18:55:03 +0000 (18:55 +0000)]
sync
cheloha [Mon, 13 Dec 2021 18:33:23 +0000 (18:33 +0000)]
tee(1): increase I/O buffer size from 8KB to 64KB
64KB strikes a good balance between space and time on today's
machines. Buffers smaller than 64KB waste more time in userspace
traveling to and from the kernel. Buffers larger than 64KB do I/O a
bit faster, but the performance improvements rapidly diminish at a
steep memory cost.
Discussed with millert@ and deraadt@. Positive feedback from Geoff
Steckel.
Thread: https://marc.info/?l=openbsd-tech&m=
163737586414354&w=2
ok millert@ deraadt@
deraadt [Mon, 13 Dec 2021 18:28:39 +0000 (18:28 +0000)]
including sys/cdefs.h manually started as a result of netbsd trying to
macro-build a replacement for sccsid, and was done without any concern
for namespace damage. Unfortunately this practice started infecting
other code as others were unaware they didn't need the file.
ok millert guenther
tb [Mon, 13 Dec 2021 18:06:56 +0000 (18:06 +0000)]
Avoid a potential double free in group_free()
In the unlikely event that EC_KEY_check_key() in ec_init() fails,
the group would be freed twice: once in ec_init(), and later in
group_free().
ok tobhe
deraadt [Mon, 13 Dec 2021 18:04:28 +0000 (18:04 +0000)]
Kill sys/cdefs.h includes, because overly complicated include+macro
for a sccsid replacement scheme which results an namespace damage
is an unfair trade
ok bluhm
tb [Mon, 13 Dec 2021 17:58:41 +0000 (17:58 +0000)]
Remove the last internal use of d2i_ASN1_BOOLEAN.
From Stephen Henson, OpenSSL
564df0dd
ok jsing
jsing [Mon, 13 Dec 2021 17:56:15 +0000 (17:56 +0000)]
Clean up d2i_ASN1_BOOLEAN() and i2d_ASN1_BOOLEAN().
Convert these to templated ASN.1, given we already have ASN1_BOOLEAN_it.
ok inoguchi@ tb@
schwarze [Mon, 13 Dec 2021 17:55:53 +0000 (17:55 +0000)]
this file doesn't use anything from <stdio.h>;
in particular, NULL is also in <stdlib.h> according to the C99 standard;
"free commit" tb@
jsing [Mon, 13 Dec 2021 17:50:24 +0000 (17:50 +0000)]
Convert asn1_d2i_ex_primitive()/asn1_collect() from BUF_MEM to CBB.
With this we get simpler code, overflow checking and more sensible
memory ownership. Also switch the free_cont case to freezero() since this
could contain secrets.
ok inoguchi@ tb@
tobhe [Mon, 13 Dec 2021 17:35:34 +0000 (17:35 +0000)]
Cleanup libcrypto memory management. Remove redundant NULL checks
before calling *_free() functions. Use 'get0' functions where it
makes sense to avoid some frees.
Feedback and ok tb@
schwarze [Mon, 13 Dec 2021 17:24:39 +0000 (17:24 +0000)]
new manual page SMIME_write_ASN1(3);
still vague in various respects, but it's a start
deraadt [Mon, 13 Dec 2021 16:56:48 +0000 (16:56 +0000)]
remove a couple hundred sys/param.h includes in userland code, and
also whack some sys/cdefs.h early includes which is such a brutally
bad pattern
ok bluhm mbuhl
deraadt [Mon, 13 Dec 2021 16:37:37 +0000 (16:37 +0000)]
acct(4) ac_tty shouldn't need NODEV from sys/param.h (which is kernel API),
-1 is sufficient to indicate the process had no controlling tty, removing
one more sys/param.h include in our userland
ok millert
florian [Mon, 13 Dec 2021 16:12:10 +0000 (16:12 +0000)]
Only generate a new xid on state change.
When we first request a lease (INIT or REBOOTING state) we run with
very short timeouts. If the dhcp server is slow to respond we already
have a new xid and ignore the server's response. This goes on until we
increase the timeout high enough. If we just stick to an xid this will
not happen and we accept "late" responses.
RFC 2131 has:
Selecting a new 'xid' for each retransmission is an implementation
decision. A client may choose to reuse the same 'xid' or select a new
'xid' for each retransmitted message.
Problem seen by phessler on german train wifi.
OK phessler
visa [Mon, 13 Dec 2021 14:56:55 +0000 (14:56 +0000)]
Revise EVFILT_EXCEPT filters
Restrict the circumstances where EVFILT_EXCEPT filters trigger:
* when out-of-band data is present and NOTE_OOB is requested.
* when the channel is fully closed and consumer is poll(2).
This should clarify the logic and suppress events that kqueue-based
poll(2) does not except.
OK mpi@
visa [Mon, 13 Dec 2021 14:54:22 +0000 (14:54 +0000)]
Prevent kevent(2) use of EVFILT_EXCEPT with FIFOs and pipes
Currently, the only intended direct usage of the EVFILT_EXCEPT filter
is with NOTE_OOB to detect out-of-band data in ptys and sockets.
NOTE_OOB does not apply to FIFOs or pipes. Prevent the user from
registering the filter with these file types. The filter code is for
the kernel's internal use.
OK mpi@
bluhm [Mon, 13 Dec 2021 14:30:16 +0000 (14:30 +0000)]
nd6_dad_ns_input() could trigger a NULL deref in nd6_dad_duplicated().
It checks dp in two of three places. One check got lost in revision
1.83. Do a dp == NULL once at the beginning.
OK jsg@
Reported-by: syzbot+88c0ce914a0b10b7e1c8@syzkaller.appspotmail.com
schwarze [Mon, 13 Dec 2021 14:06:17 +0000 (14:06 +0000)]
Catch integer overflow rather than silently truncating while
parsing MASK: strings in ASN1_STRING_set_default_mask_asc(3).
Issue noticed by tb@, patch by me, two additional #include lines from tb@.
OK tb@.
visa [Mon, 13 Dec 2021 13:57:48 +0000 (13:57 +0000)]
Handle multi-port controllers in uslcom(4)
A multi-port CP210x device presents each COM port as a separate USB
virtual COM port interface. When attaching uslcom(4), take the USB
interface from the attach arguments instead of using interface 0.
This lets the driver access the different ports of a quad-port CP2108.
Tested with a single-port CP2102 by jsg@
OK jsg@ deraadt@
schwarze [Mon, 13 Dec 2021 13:46:09 +0000 (13:46 +0000)]
new manual pages i2d_ASN1_bio_stream(3) and SMIME_crlf_copy(3)
jca [Mon, 13 Dec 2021 13:30:39 +0000 (13:30 +0000)]
Let dnsproc pass multiple addresses to netproc
The loop was exited prematurely because of a stray break statement.
In case of a failure to connect to the first address returned by
getaddrinfo(3), acme-client can now try to connect using another address
or address family if available.
ok florian@
florian [Mon, 13 Dec 2021 11:03:23 +0000 (11:03 +0000)]
Treat xid as a uint32_t in network byte order on the wire.
Internally this doesn't matter since we only care about equality.
This makes logging output comparable to tcpdump(8).
Pointed out by joel@
OK claudio
florian [Mon, 13 Dec 2021 11:02:26 +0000 (11:02 +0000)]
Replace struct member assignment with struct assignment to make the
code more compact. No binary change.
OK claudio
nicm [Mon, 13 Dec 2021 09:42:20 +0000 (09:42 +0000)]
Make pane-border-format a pane option, GitHub issue 2999.
jsg [Sun, 12 Dec 2021 22:54:35 +0000 (22:54 +0000)]
remove unused variable to fix build with llvm 13
ok jca@ naddy@
tb [Sun, 12 Dec 2021 21:35:46 +0000 (21:35 +0000)]
Annotate the structs that will be moved to hmac_local.h and evp_locl.h
in an upcoming bump. This omits EVP_AEAD_CTX which will be dealt with
separately. EVP_CIPHER_INFO internals are still publicly visible in
OpenSSL, so it won't be moved.
Move typedefs for HMAC_CTX and EVP_ENCODE_CTX to ossl_typ.h. These
typedefs will be visible by files including only hmac.h or evp.h since
hmac.h includes evp.h and evp.h includes ossl_typ.h.
ok inoguchi
tb [Sun, 12 Dec 2021 21:30:13 +0000 (21:30 +0000)]
Include evp_locl.h where it will be needed once most structs from
evp.h will be moved to evp_locl.h in an upcoming bump.
ok inoguchi
tb [Sun, 12 Dec 2021 21:27:37 +0000 (21:27 +0000)]
Add a mostly empty hmac_local.h. HMAC_CTX and a few other things
from hmac.h will be moved there in an umpcoming bump. Include this
file where it will be needed.
ok inoguchi
tb [Sun, 12 Dec 2021 21:23:47 +0000 (21:23 +0000)]
Add -I${LIBCRYPTO_SRC}/hmac to CFLAGS. Needed in an upcoming commit.
ok inoguchi
tb [Sun, 12 Dec 2021 21:21:58 +0000 (21:21 +0000)]
Add header guards to evp_locl.h.
ok inoguchi
bluhm [Sun, 12 Dec 2021 21:16:53 +0000 (21:16 +0000)]
Replace deprecated IO::Socket::INET6 with IO::Socket::IP.
tb [Sun, 12 Dec 2021 20:42:37 +0000 (20:42 +0000)]
Convert req.c to compile with opaque EVP_MD_CTX.
ok inoguchi
tb [Sun, 12 Dec 2021 20:40:25 +0000 (20:40 +0000)]
Convert passwd.c to opaque EVP_MD_CTX and add a bit of error checking.
tweak/ok inoguchi
tb [Sun, 12 Dec 2021 20:35:40 +0000 (20:35 +0000)]
Make speed.c compile with opaque EVP_CIPHER, EVP_MD and HMAC_CTX.
ok inoguchi
tb [Sun, 12 Dec 2021 20:34:04 +0000 (20:34 +0000)]
A few more simplifications using get0_pubkey instead of get_pubkey + free.
tb [Sun, 12 Dec 2021 20:29:15 +0000 (20:29 +0000)]
Simplify x509.c slightly by using X509_get0_pubkey() instead of
X509_get_pubkey()
ok inoguchi
tb [Sun, 12 Dec 2021 20:28:02 +0000 (20:28 +0000)]
Make x509.c compile with opaque EVP_PKEY.
ok inoguchi
tb [Sun, 12 Dec 2021 20:22:59 +0000 (20:22 +0000)]
Use correct spelling of NULL
ok inoguchi
tb [Sun, 12 Dec 2021 20:22:08 +0000 (20:22 +0000)]
Make ts.c compile with opaque EVP_MD_CTX.
ok inoguchi
schwarze [Sun, 12 Dec 2021 20:16:36 +0000 (20:16 +0000)]
document the ub_* constants
schwarze [Sun, 12 Dec 2021 18:15:43 +0000 (18:15 +0000)]
typo
schwarze [Sun, 12 Dec 2021 17:31:18 +0000 (17:31 +0000)]
New manual page providing a rudimentary description of BIO_new_NDEF(3).
The API surrounding this is so complicated and streaming is so rarely
used in practice that describing this in more detail is not a priority
right now. The documentation of the wrapper BIO_new_CMS(3) is also
rather vague, and BIO_new_PKCS7() isn't described at all so far.
tb [Sun, 12 Dec 2021 14:27:20 +0000 (14:27 +0000)]
Rewrite X509_ALGOR_set_md() without reaching into EVP_MD.
ok inoguchi schwarze
bluhm [Sun, 12 Dec 2021 10:56:49 +0000 (10:56 +0000)]
Replace deprecated IO::Socket::INET6 with IO::Socket::IP.
visa [Sun, 12 Dec 2021 09:17:17 +0000 (09:17 +0000)]
Use vnode parameter instead of vfinddev() in mfs_strategy()
Getting the mfs device vnode through vfinddev() is more complex than
necessary. Also, the indirection is not robust.
OK mpi@
visa [Sun, 12 Dec 2021 09:14:58 +0000 (09:14 +0000)]
Add vnode parameter to VOP_STRATEGY()
Pass the device vnode as a parameter to VOP_STRATEGY() to allow calling
the correct vop_strategy callback. Now the vnode is also available
in the callback.
OK mpi@
schwarze [Sat, 11 Dec 2021 22:58:48 +0000 (22:58 +0000)]
Merge two bugfixes in ASN1_STRING_TABLE_add(3) and ASN1_STRING_TABLE_get(3)
from the OpenSSL 1.1.1 branch, which is still under a free license,
mostly this commit:
commit
d35c0ff30b31be9fd5dcf3d552a16feb8de464bc
Author: Dr. Stephen Henson <steve@openssl.org>
Date: Fri Oct 19 15:06:31 2012 +0000
fix ASN1_STRING_TABLE_add so it can override existing string table values
This fixes a segfault in ASN1_STRING_TABLE_add(3), which tried to change a
static const entry when called with an nid already in the default table,
and it switches the precedence of the two tables in ASN1_STRING_TABLE_get(3).
In addition, it changes behaviour in the following minor ways:
* Ignore negative minsize and maxsize arguments, not just -1.
* Ignore a zero mask and zero flags.
It's unclear whether these additional changes make the API absolutely
better, but we want compatibility with OpenSSL in these functions.
Tweaks & OK tb@.
schwarze [Sat, 11 Dec 2021 22:34:36 +0000 (22:34 +0000)]
Merge the deletion of <ctype.h>, which isn't used here,
and some style improvements from the OpenSSL 1.1.1 branch,
which is still under a free license.
No functional change.
OK and additional tweaks tb@.
kettenis [Sat, 11 Dec 2021 20:36:26 +0000 (20:36 +0000)]
Change compatible string to something that makes more sense.