jsing [Tue, 10 May 2022 05:19:22 +0000 (05:19 +0000)]
Remove ASN.1 combining.
This was an option used to combine ASN.1 into a single structure, which was
only ever used by DSAPublicKey and X509_ATTRIBUTE. Since they no longer use
it we can mop this up and simplify all of the related code.
ok tb@
krw [Tue, 10 May 2022 00:56:27 +0000 (00:56 +0000)]
Align fdisk with the logic used in the kernel and allow the
protective EFI GPT partition to be in MBR partitions 0-3, not
just the default partition 0.
deraadt [Mon, 9 May 2022 22:43:57 +0000 (22:43 +0000)]
delete ftplist2 (the old ftplist IP address). We've talked loudly about a
more distributed way of doing something smart and failovery, but this
annotation in the script isn't helping.
deraadt [Mon, 9 May 2022 22:42:53 +0000 (22:42 +0000)]
In a couple places, use set -m to cause subshells to gain process
groups, and then kill the process group instead of the ksh pid. Some
of these processes contain sleep, which kept running, and in some
cases retained stderr (or other fd) and confused parent processes.
In some cases, add manual wait. Finally, store the pid (nee pgrp)
in /tmp/xxpid files rather than variables, since there is a bit
of recursion and sub-shell confusion happening, and we have confused
ourselves at least twice with these pid variables not being in scope.
ok beck, with florian, ok kn
In snaps for almost a week. A few more tweaks may come in a while.
stsp [Mon, 9 May 2022 22:02:31 +0000 (22:02 +0000)]
update iwx(4) man page in light of AX210/AX211 support
stsp [Mon, 9 May 2022 21:57:26 +0000 (21:57 +0000)]
Add support for AX210/AX211 devices to iwx(4).
Firmware is available in fw_update(8) as of iwx-firmware-
20220110.
Tested for regressions on AX200/AX201 by jmc, kettenis, and myself.
Tested on AX210 by abieber (framework laptop) and myself, both using
a device which loads ty-ao-gf-a0 firmware.
AX210/AX211 devices which load the following firmware files should
work but could not yet be tested due to lack of hardware:
iwx-so-a0-gf-a0-67, iwx-so-a0-gf4-a0-67, iwx-so-a0-jf-b0-64
sthen [Mon, 9 May 2022 21:48:00 +0000 (21:48 +0000)]
Mention in the "proto icmp" section that standard stateful rules (i.e. the
default type of PF rule) don't allow ICMP responses unless they match an
existing state - tweak "keep state (sloppy)" to suggest from the first
sentence of the paragraph that it affects more than TCP. ok sashan@ bluhm@
sashan [Mon, 9 May 2022 20:29:23 +0000 (20:29 +0000)]
pf.conf(5) should mention impact of sloppy state handling on ICMP
OK @bluhm
bluhm [Mon, 9 May 2022 19:33:46 +0000 (19:33 +0000)]
Protect sbappendaddr() in divert_packet() with kernel lock. With
divert-packet rules pf calls directly from IP layer to protocol
layer. As the former has only shared net lock, additional protection
against parallel access is needed. Kernel lock is a temporary
workaround until the socket layer is MP safe.
discussed with kettenis@ mvs@
jsing [Mon, 9 May 2022 19:19:33 +0000 (19:19 +0000)]
Simplify X509_ATTRIBUTE ASN.1 encoding.
For some unknown historical reason, X509_ATTRIBUTE allows for a single
ASN.1 value or an ASN.1 SET OF, rather than requiring an ASN.1 SET OF.
Simplify encoding and remove support for single values - this is similar
to OpenSSL
e20b57270dec.
This removes the last use of COMBINE in the ASN.1 decoder.
ok tb@
job [Mon, 9 May 2022 17:20:25 +0000 (17:20 +0000)]
Add RSC regress bits
tb [Mon, 9 May 2022 17:19:32 +0000 (17:19 +0000)]
Drop prototype of currently nonexistent function.
tb [Mon, 9 May 2022 17:13:06 +0000 (17:13 +0000)]
Commit file missed in previous.
job [Mon, 9 May 2022 17:02:34 +0000 (17:02 +0000)]
Add preliminary support for decoding RSC objects in filemode
This implements decoding support for draft-ietf-sidrops-rpki-rsc-06
There are three major outstanding issues:
* The wire image might still change to conform to the more widely deployed
3779 API in libressl/openssl. IETF discussion ongoing.
* Whether the resources listed in the ResourceBlock are contained within
the EE's RFC 3779 extension is not hooked up yet.
* There is a fair bit of duplicity between rsc.c and cert.c, look for XXX
OK tb@
krw [Mon, 9 May 2022 15:09:50 +0000 (15:09 +0000)]
Replace a stray 0xA6 with DOSPTYP_OPENBSD. Tweak a ">= 2" to more
obvious "> 1". Use easier to spot 'ask_yn() == 0' instead of
'!ask_yn()'.
No functional change.
visa [Mon, 9 May 2022 14:49:55 +0000 (14:49 +0000)]
Revert "Replace selwakeup() with KNOTE() in pipe and socket event activation."
The commit caused hangs with NFS.
Reported by ajacoutot@ and naddy@
stsp [Mon, 9 May 2022 12:28:27 +0000 (12:28 +0000)]
regen
stsp [Mon, 9 May 2022 12:27:40 +0000 (12:27 +0000)]
add another iwx(4) product ID (presumably AX211, marketing name differs)
jsg [Mon, 9 May 2022 09:05:48 +0000 (09:05 +0000)]
drm/i915: Fix SEL_FETCH_PLANE_*(PIPE_B+) register addresses
From Imre Deak
4e308b21bc16231c90112d839859c9e38f7ef986 in linux 5.15.y/5.15.38
4ae4dd2e26fdfebf0b8c6af6c325383eadfefdb4 in mainline linux
jsg [Mon, 9 May 2022 09:00:01 +0000 (09:00 +0000)]
drm/i915: Check EDID for HDR static metadata when choosing blc
From Jouni Hogander
67434e132b8c9d3fb59f0bc27da6d0a0488cf92b in linux 5.15.y/5.15.38
c05d8332f5d23fa3b521911cbe55a2b67fb21248 in mainline linux
jsg [Mon, 9 May 2022 08:57:21 +0000 (08:57 +0000)]
drm/amd/display: Fix memory leak in dcn21_clock_source_create
From Miaoqian Lin
815b847af99d8b78131174fa1c32da0195c70e4c in linux 5.15.y/5.15.38
65e54987508b6f0771f56bdfa3ee1926d52785ae in mainline linux
jsg [Mon, 9 May 2022 08:54:36 +0000 (08:54 +0000)]
drm/amdkfd: Fix GWS queue count
From David Yat Sin
ce9be3baec9b58b3f6e4c721e6498ecfc37e5834 in linux 5.15.y/5.15.38
7c6b6e18c890f30965b0589b0a57645e1dbccfde in mainline linux
espie [Mon, 9 May 2022 08:29:04 +0000 (08:29 +0000)]
shadowing variables is a bad idea (thanks Anton, this fixes regress)
also fix a logic error (that's very unlikely to happen outside of broken
scenarios, but we still want to have things work correctly in that
context)
dtucker [Mon, 9 May 2022 08:25:27 +0000 (08:25 +0000)]
Remove errant apostrophe. From haruyama at queen-ml org.
djm [Mon, 9 May 2022 03:09:53 +0000 (03:09 +0000)]
Allow existing -U (use agent) flag to work with "-Y sign" operations,
where it will be interpreted to require that the private keys is
hosted in an agent; bz3429, suggested by Adam Szkoda; ok dtucker@
deraadt [Sun, 8 May 2022 23:54:10 +0000 (23:54 +0000)]
Software we import from outside tends to bloat faster than software we
write ourselves. This is a sad fact. libz just did this to us, again.
I don't care to hunt for reasons or justifications because it is an
endless battle.
Therefore this tiny (floppy) media can no longer include the TZ files.
Because some other architectures also have tight media, we have an
install script mechanism to cope with this -- when they are missing, it
asks the timezone question later, after the base set is installed with
the files)
djm [Sun, 8 May 2022 22:58:35 +0000 (22:58 +0000)]
improve error message when 'ssh-keygen -Y sign' is unable to load a
private key; bz3429, reported by Adam Szkoda ok dtucker@
djm [Sun, 8 May 2022 22:32:36 +0000 (22:32 +0000)]
When performing operations that glob(3) a remote path, ensure that the
implicit working directory used to construct that path escapes glob(3)
characters.
This prevents glob characters from being processed in places they
shouldn't, e.g. "cd /tmp/a*/", "get *.txt" should have the get operation
treat the path "/tmp/a*" literally and not attempt to expand it.
Reported by Lusia Kundel; ok markus@
tb [Sun, 8 May 2022 21:00:10 +0000 (21:00 +0000)]
sync
tb [Sun, 8 May 2022 20:59:32 +0000 (20:59 +0000)]
Remove openssl/cterr.h and inline it in openssl/ct.h
ok jsing
tobhe [Sun, 8 May 2022 20:26:31 +0000 (20:26 +0000)]
Move ikev2_reset_alive_timer() to a place where it makes more sense. The idea
is to renew the timer every time sc_alive_timeout is reset after loading a new
config.
ok patrick@
tb [Sun, 8 May 2022 19:03:31 +0000 (19:03 +0000)]
Default Ruby is now 3.1
krw [Sun, 8 May 2022 18:01:23 +0000 (18:01 +0000)]
Rename gt_protected field of struct gpt_type to gt_attr and
#define GTATTR_PROTECT and GTATTR_PROTECT_EFISYS as bits in it.
Use GTATTR_PROTECT to replace the magic value of '1' indicating
the partition is protected. Use GTATTR_PROTECT_EFISYS to replace
hack of checking for "APFS" string in the names of partitions
that want the EFI System (a.k.a. 0xEF) partition to be preserved.
More flexible and easier to extend protections to new partition
types or add new attributes to partition types.
No intentional functional change.
dv [Sun, 8 May 2022 14:44:54 +0000 (14:44 +0000)]
vmd: fix rebooting a received vm
Rebooting a received vm resulted in vmd(8) exiting as a result of
flawed state tracking in the parent process.
When stopping a vm, clear the VM_RECEIVE_STATE flag. When starting
a vm, make sure the parent process collapses any existing memory
ranges after the vm is sent to the vmm process (responsible for
launching the vm).
ok mlarkin@
tb [Sun, 8 May 2022 14:11:12 +0000 (14:11 +0000)]
Adjust regress after zlib update. Part of the following commit:
commit
0d36ec47f310478549c0864f215ab5c0114c49ba
Author: Mark Adler <madler@alumni.caltech.edu>
Date: Wed Jan 2 18:10:40 2019 -0800
Don't bother computing check value after successful inflateSync().
tb [Sun, 8 May 2022 14:09:10 +0000 (14:09 +0000)]
sync
tb [Sun, 8 May 2022 14:08:31 +0000 (14:08 +0000)]
Bump minor after symbol addition
tb [Sun, 8 May 2022 14:07:54 +0000 (14:07 +0000)]
Backport an upstream fix for CRC calculation. This fixes Java applications
on some older hardware, see https://github.com/madler/zlib/issues/613
Pointed out by tj and sthen
commit
ec3df00224d4b396e2ac6586ab5d25f673caa4c2
Author: Mark Adler <madler@alumni.caltech.edu>
Date: Wed Mar 30 11:14:53 2022 -0700
Correct incorrect inputs provided to the CRC functions.
The previous releases of zlib were not sensitive to incorrect CRC
inputs with bits set above the low 32. This commit restores that
behavior, so that applications with such bugs will continue to
operate as before.
tb [Sun, 8 May 2022 14:07:35 +0000 (14:07 +0000)]
Backport an upstream fix for CRC calculation. This fixes Java applications
on some older hardware, see https://github.com/madler/zlib/issues/613
Pointed out by tj and sthen
commit
ec3df00224d4b396e2ac6586ab5d25f673caa4c2
Author: Mark Adler <madler@alumni.caltech.edu>
Date: Wed Mar 30 11:14:53 2022 -0700
Correct incorrect inputs provided to the CRC functions.
The previous releases of zlib were not sensitive to incorrect CRC
inputs with bits set above the low 32. This commit restores that
behavior, so that applications with such bugs will continue to
operate as before.
tb [Sun, 8 May 2022 14:05:29 +0000 (14:05 +0000)]
Update to zlib 1.2.12
Build tests by myself for amd64 and arm64, sthen and inoguchi for i386
and gkoehler for macppc and powerpc64, thanks!
Detailed changelog is part of the committed diff.
tb [Sun, 8 May 2022 14:04:21 +0000 (14:04 +0000)]
Update to zlib 1.2.12
Build tests by myself for amd64 and arm64, sthen and inoguchi for i386
and gkoehler for macppc and powerpc64, thanks!
Detailed changelog is part of the committed diff.
krw [Sun, 8 May 2022 13:33:01 +0000 (13:33 +0000)]
Shuffle local helper function declarations and definitions into
one easy to find spot. Wrap the long lines of gpt_types[] to
make room for future expansion.
No functional change.
espie [Sun, 8 May 2022 13:31:40 +0000 (13:31 +0000)]
get rid of horribly complex optimization that's no longer relevant.
For update-info, we used to try to stop reading the CONTENTS file from
the stream as soon as we had enough, but
- most update-info will be cached
- the ones that won't are @option always-update, so they need the full
plist anyway
- most packages are signed, so we need a full 64KB of data to check the hash.
espie [Sun, 8 May 2022 13:21:04 +0000 (13:21 +0000)]
better abstraction: instead of storing a string we're going to parse for
signature dates, just annotate the PackageLocation with the info,
and decorate the PackingList itself when we finished reading it from the
location
espie [Sun, 8 May 2022 11:42:28 +0000 (11:42 +0000)]
show actual linking operations alongside renames if verbose >= 5
espie [Sun, 8 May 2022 11:06:06 +0000 (11:06 +0000)]
now we no longer go through temporary files when names don't change,
make the matching algorithm between the old and the new package more
precise: keep a list of matching checksums, instead of just one candidate.
For starters, empty files will always yield the same checksum, but it seems
some software (python for instance) loves installing multiple copies of
the same file. This does prevent 500 "name mismatches" out of 2500 in
python-3.9, for instance.
tb [Sat, 7 May 2022 17:20:41 +0000 (17:20 +0000)]
Sort alphabetically so that future omissions will be easier to spot.
discussed with jsing
jsing [Sat, 7 May 2022 15:50:25 +0000 (15:50 +0000)]
Split asn1_item_ex_d2i() into three.
Factor out the handling of CHOICE and SEQUENCE into their own functions.
This reduces complexity, reduces indentation and will allow for further
clean up.
ok beck@ tb@
krw [Sat, 7 May 2022 11:45:36 +0000 (11:45 +0000)]
Now that the internal versions of GPT partitions are host-endian,
simplify PRT_protected_guid() by comparing GUID's with
uuid_compare() rather than converting them to strings and using
strncmp().
Further clarify logic by doing the EFI Sys dance only if
the GUID being tested is not marked as protected.
No intentional functional change.
tb [Sat, 7 May 2022 10:31:54 +0000 (10:31 +0000)]
zap stray tab
tb [Sat, 7 May 2022 10:31:28 +0000 (10:31 +0000)]
KNF nits
jsing [Sat, 7 May 2022 10:13:56 +0000 (10:13 +0000)]
Rewrite asn1_d2i_ex_primitive() with CBS.
ok tb@
jsing [Sat, 7 May 2022 10:03:49 +0000 (10:03 +0000)]
Refactor asn1_ex_c2i()
The asn1_ex_c2i() function currently handles the V_ASN1_ANY case inline,
which means there multiple special cases, with pointer fudging and
restoring. Instead, split asn1_ex_c2i() into three functions - one that
only handles storage into a primitive type (asn1_ex_c2i_primitive()), one
that handles the V_ASN1_ANY case (asn1_ex_c2i_any()) and calls
asn1_ex_c2i_primitive() with the correct pointer and an asn1_ex_c2i()
that handles the custom functions case, before dispatching to
asn1_ex_c2i_any() or asn1_ex_c2i_primitive(), as appropriate.
This results in cleaner and simpler code.
With input from and ok tb@
jsing [Sat, 7 May 2022 07:47:24 +0000 (07:47 +0000)]
Avoid strict aliasing violations in BN_nist_mod_*()
The optimised code path switches from processing data via unsigned long to
processing data via unsigned int, which requires type punning. This is
currently attempted via a union (for one case), however this fails since
a pointer to a union member is passed to another function (these unions
were added to "fix strict-aliasing compiler warning" - it would seem the
warnings stopped but the undefined behaviour remained). The second case
does not use a union and simply casts from one type to another.
Undefined behaviour is currently triggered when compiling with clang 14
using -03 and -fstrict-aliasing, while disabling assembly (in order to use
this C code). The resulting binary produces incorrect results.
Avoid strict aliasing violations by copying from an unsigned long array to
an unsigned int array, then copying back the result. Any sensible compiler
will omit the copies, while avoiding undefined behaviour that would result
from unsafe type punning via pointer type casting.
Thanks to Guido Vranken for reporting the issue and testing the fix.
ok tb@
krw [Fri, 6 May 2022 23:53:43 +0000 (23:53 +0000)]
Rename PRT_uuid_to_[protection|typename] to PRT_uuid_to_[protected|sname],
and PRT_type_to_uuid() to PRT_type_to_guid() so the names clearly match
the field names being searched for.
No intentional functional change.
tb [Fri, 6 May 2022 20:49:01 +0000 (20:49 +0000)]
Add missing ERR_load_{COMP,CT,KDF}_strings()
ok beck
claudio [Fri, 6 May 2022 15:51:09 +0000 (15:51 +0000)]
Relax the limitation of what is an acceptable unicast IP.
Remove the IN_BADCLASS() check which filters out the experimental IPv4
address space. Now there are no more experiments in IPv4 and so there
is less reason for these network daemons to deny such an IP.
Everything still disallows multicast IPs (224/4) and loopback (127/8)
a few also disallow 0/8 but this is not consistent.
In any case using 240/4 in production is a really bad idea but it is
not up to this software to prevent you from being a fool.
OK deraadt@ tb@
krw [Fri, 6 May 2022 14:22:49 +0000 (14:22 +0000)]
When printing the GPT table, display "Microsoft basic data" instead of
"FAT12" for partition types that are mapped to GPT_UUID_MSDOS.
No intentional functional change.
visa [Fri, 6 May 2022 13:12:16 +0000 (13:12 +0000)]
Replace selwakeup() with KNOTE() in kqueue event activation.
The deferred activation can now run in an MP-safe task queue.
visa [Fri, 6 May 2022 13:09:41 +0000 (13:09 +0000)]
Replace selwakeup() with KNOTE() in pipe and socket event activation.
OK mpi@
tb [Fri, 6 May 2022 10:10:10 +0000 (10:10 +0000)]
Also check EVP_PKEY_CTX_new_id() return in example code. Letting this
be caught by the error check of EVP_PKEY_derive_init() is a dubious
pattern.
tb [Fri, 6 May 2022 07:40:10 +0000 (07:40 +0000)]
sync
tb [Fri, 6 May 2022 07:39:21 +0000 (07:39 +0000)]
Install EVP_PKEY_CTX_set_hkdf_md.3
tb [Fri, 6 May 2022 07:36:54 +0000 (07:36 +0000)]
Document the EVP HKDF API
Manual from OpenSSL 1.1.1o with minimal tweaks.
input/ok schwarze
deraadt [Fri, 6 May 2022 02:54:17 +0000 (02:54 +0000)]
sync
cheloha [Thu, 5 May 2022 22:36:36 +0000 (22:36 +0000)]
kstat(1): implement wait with setitimer(2) instead of nanosleep(2)
kstat(1)'s wait period drifts because nanosleep(2) uses a relative
timeout. If we use setitimer(2)/sigsuspend(2) the period does not
drift.
While here, bump the upper bound for wait up to UINT_MAX and switch to
the normal strtonum(3) error message format.
With input from kn@.
Tweaked by bluhm@ to block SIGALRM with sigprocmask(2) while we're
outside of sigsuspend(2).
Thread: https://marc.info/?l=openbsd-tech&m=
160038548111187&w=2
Earlier version ok millert@.
ok bluhm@
florian [Thu, 5 May 2022 20:07:23 +0000 (20:07 +0000)]
Fix watchdog in the installer.
We only had one watchdog running that triggered after 30 minutes. If
an unattended upgrade (e.g. started by sysupgrade(8)) took longer than
this in total, the machine would reboot half way through an upgrade.
The intention was that the watchdog would be reset after each set
download and after each set installation. But this never worked
correctly because the actual upgrade ran in a sub-shell and WDPID was
not visible.
To fix this we first need to export WDPID to make it visible in the
sub-shell. Then reset_watchdog was guarded by $UU && reset_watchdog,
but UU wasn't visible either. But we can't export it because we would
enter a loop. We can just use the fact that WDPID is not empty to
restart the watchdog.
Lastly the watchdog process would keep stderr and stdout open. This
made the tee(1) hang that is collecting the autoupgrade log that is
mailed to root.
As a simplification, we don't need to run the watchdog as a
co-process, we don't want to communicate with it, we can just run it
in the background.
Problem reported by stsp
With & OK deraadt
OK millert
florian [Thu, 5 May 2022 19:51:35 +0000 (19:51 +0000)]
Check that the challenge token which is turned into a filename is
base64url encoded.
We have only the challenge directory unveil(2)'ed so funny business
like ../ will not work, but we shouldn't generate garbage filenames
that someone else might trip over either.
Pointed out and diff by Ali Farzanrad (ali_farzanrad AT riseup.net)
OK beck
tb [Thu, 5 May 2022 19:48:06 +0000 (19:48 +0000)]
Simplify: freezero() is NULL safe; assign + test in one go, as usual.
ok jsing
tb [Thu, 5 May 2022 19:46:36 +0000 (19:46 +0000)]
Avoid malloc(0) in EVP_PKEY_CTX_set1_hkdf_key()
ok jsing
tb [Thu, 5 May 2022 19:44:23 +0000 (19:44 +0000)]
Securely wipe the entire HKDF_PKEY_CTX instead of only taking care of
a piece of the embedded info array.
ok jsing
jsing [Thu, 5 May 2022 19:18:56 +0000 (19:18 +0000)]
Use size_t for ASN.1 lengths.
Change asn1_get_length_cbs() and asn1_get_object_cbs() to handle and return
a length as a size_t rather than a uint32_t. This makes it simpler and less
error prone in the callers.
Suggested by and ok tb@
tb [Thu, 5 May 2022 18:34:27 +0000 (18:34 +0000)]
Switch wycheproof.go to using the EVP HKDF API.
Gotta love EVP... Instead of a single, obvious call to HKDF(), you now
need to call eight EVP functions with plenty of allocations and pointless
copying internally. If you want to suffer even more, you could consider
using the gorgeous string interface instead.
tb [Thu, 5 May 2022 18:29:34 +0000 (18:29 +0000)]
Fix HMAC() with NULL key
If a NULL key is passed to HMAC_Init_ex(), it tries to reuse the
previous key. This makes no sense inside HMAC() since the HMAC_CTX
has no key set yet. This is hit by HKDF() with NULL salt() via the
EVP API and results in a few Wycheproof test failures. If key is
NULL, use a zero length dummy key.
This was not hit from wycheproof.go since we pass a []byte with a
single NUL from Go.
Matches OpenSSL if key is NULL and key_len is 0. If key_len != 0,
OpenSSL will still fail by passing a NULL key which makes no sense,
so set key_len to 0 instead.
ok beck jsing
bluhm [Thu, 5 May 2022 16:44:22 +0000 (16:44 +0000)]
Clean up divert_packet(). Function does not return error, make it
void. Introduce mutex and refcounting for inp like in the other
PCB functions.
OK sashan@
bluhm [Thu, 5 May 2022 16:12:42 +0000 (16:12 +0000)]
Add error handling if setting the keyboard encoding fails. After
open of all /dev/wskbd* devices failed, report the error from the
first one. Also wrap long lines.
OK mpi@
jeremy [Thu, 5 May 2022 15:45:05 +0000 (15:45 +0000)]
Update documentation for switch of default ruby version to 3.1
dv [Thu, 5 May 2022 15:42:04 +0000 (15:42 +0000)]
we no longer announce rounding here
tb [Thu, 5 May 2022 14:44:59 +0000 (14:44 +0000)]
Switch the log_warnx() about trailing garbage to log_debug(). After a
maintenance window, my ISP started sending an unexpected 'ff' byte at
the very end which created noise in the log. Apparently this came up
before.
From and ok florian
claudio [Thu, 5 May 2022 13:57:40 +0000 (13:57 +0000)]
Use static objects for struct rttimer_queue instead of dynamically
allocate them.
Currently there are 6 rttimer_queues and not many more will follow. So
change rt_timer_queue_create() to rt_timer_queue_init() which now takes
a struct rttimer_queue * as argument which will be initialized.
Since this changes the gloabl vars from pointer to struct adjust other
callers as well.
OK bluhm@
fcambus [Thu, 5 May 2022 12:29:14 +0000 (12:29 +0000)]
regen
fcambus [Thu, 5 May 2022 12:26:06 +0000 (12:26 +0000)]
Add ID for the AMD Sensor Fusion Hub found on my Ryzen-based ZBOX CA621.
OK jsg@
tb [Thu, 5 May 2022 11:26:36 +0000 (11:26 +0000)]
Fix argument order in HKDF and HKDF_extract().
dv [Thu, 5 May 2022 11:19:18 +0000 (11:19 +0000)]
unbreak vmd(8) regress, update string matches
bluhm [Thu, 5 May 2022 10:04:24 +0000 (10:04 +0000)]
Fix line wrapping in wall(1).
from Anton Borowka; OK mbuhl@
bluhm [Thu, 5 May 2022 09:45:15 +0000 (09:45 +0000)]
Using mutex initializer for static variable does not compile with
witness. Make ratecheck mutex global.
Reported-by: syzbot+9864ba1338526d0e8aca@syzkaller.appspotmail.com
tb [Thu, 5 May 2022 08:51:21 +0000 (08:51 +0000)]
Add hkdf_pkey_meth to the standard_methods[]
ok beck jsing
tb [Thu, 5 May 2022 08:50:35 +0000 (08:50 +0000)]
Link kdf/ to the build
ok beck jsing
tb [Thu, 5 May 2022 08:48:50 +0000 (08:48 +0000)]
Provide EVP_PKEY_HKDF alias for NID_hkdf
ok beck jsing
tb [Thu, 5 May 2022 08:48:05 +0000 (08:48 +0000)]
Provide KDFerr() and KDFerror() macros
ok beck jsing
claudio [Thu, 5 May 2022 08:43:37 +0000 (08:43 +0000)]
No longer consider IN_EXPERIMENTAL aka 240/4 as not forwardable.
We already allow 240/4 in and out so lets allow it through as well.
One of many steps to make 240/4 useable.
Diff by Seth David Schoen (schoen at loyalty.org)
OK bluhm@ djm@
tb [Thu, 5 May 2022 08:42:27 +0000 (08:42 +0000)]
Provide versions of EVP_PKEY_CTX_{str,hex}2ctrl() for internal use.
ok beck jsing
tb [Thu, 5 May 2022 08:24:14 +0000 (08:24 +0000)]
Ditch #defines for tls1_prf and scrypt. Drop unused errors and massage
some const.
ok beck jsing
tb [Thu, 5 May 2022 08:14:14 +0000 (08:14 +0000)]
Translate from OpenSSL's HKDF API to BoringSSL API.
ok beck jsing
tb [Thu, 5 May 2022 08:10:39 +0000 (08:10 +0000)]
Remove function codes from errors, i.e., KDFerr(A, B) -> KDFerror(B)
ok beck jsing
tb [Thu, 5 May 2022 08:07:24 +0000 (08:07 +0000)]
Fix typo in previous.
tb [Thu, 5 May 2022 08:05:58 +0000 (08:05 +0000)]
Inline OPENSSL_memdup() using malloc() + memcpy()
ok beck jsing
tb [Thu, 5 May 2022 08:03:11 +0000 (08:03 +0000)]
Translate OPENSSL_{cleanse,clear_free,free,zalloc}() to libc API.
ok beck jsing
tb [Thu, 5 May 2022 07:57:33 +0000 (07:57 +0000)]
Adjust includes for LibreSSL
ok beck jsing
tb [Thu, 5 May 2022 07:53:30 +0000 (07:53 +0000)]
Use C99 initializres for hkdf_pkey_meth
ok beck jsing