tb [Sat, 2 Mar 2024 11:47:41 +0000 (11:47 +0000)]
Garbage collect TLS1_FLAGS_SKIP_CERT_VERIFY
And here goes another weird-ass thing of dubious pedigree.
ok jsing
tb [Sat, 2 Mar 2024 11:46:55 +0000 (11:46 +0000)]
Make {SSL3,TLS}_CT_* internal
And here goes a bunch of unused macros that just had to be in two
headers so they could get out of sync. Three of these constants
are used in a single function...
ok jsing
tb [Sat, 2 Mar 2024 11:45:51 +0000 (11:45 +0000)]
Remove SSL_CIPHER_get_by_{id,value}()
While this undocumented API would have been much nicer and saner than
SSL_CIPHER_find(), nothing used this except for the exporter test.
Let's get rid of it again. libssl uses ssl3_get_cipher_by_{id,value}()
directly.
ok jsing
tb [Sat, 2 Mar 2024 11:44:47 +0000 (11:44 +0000)]
Export SSL_get_{peer_,}signature_type_nid()
Also move the prototypes to the correct header.
Oversight reported by Frank Lichtenheld, thanks!
Fixes https://github.com/libressl/openbsd/issues/147
ok jsing
tb [Sat, 2 Mar 2024 11:41:53 +0000 (11:41 +0000)]
crank libcrypto major
There were symbol addition, removal, function signature changes and
struct visibility changes.
tb [Sat, 2 Mar 2024 11:40:53 +0000 (11:40 +0000)]
Change sk in CRYPTO_EX_DATA from STACK_OF(void) * to void *
Requested by jsing
tb [Sat, 2 Mar 2024 11:39:11 +0000 (11:39 +0000)]
tedu OPENSSL_isservice() prototype
When tedu tedued OPENSSL_isservice(), tedus chainsaw missed crypto.h.
Finish the teduing of the hack for Visual C++ 5.0 (!), which is still
present in the latest and greatest OpenSSL.
ok jsing
tb [Sat, 2 Mar 2024 11:37:13 +0000 (11:37 +0000)]
Make CRYPTO_THREADID opaque
With ERR_STATE out of the way, we can make CRYPTO_THREADID opaque.
The type is still accessed by used public API, but some of the public
API can also go away.
ok jsing
tb [Sat, 2 Mar 2024 11:35:09 +0000 (11:35 +0000)]
Fix CRYPTO_malloc/free signatures
Importantly, the size in malloc is now a size_t instead of an int. The API
now also takes a file and line to match upstream's signature.
ok jsing
tb [Sat, 2 Mar 2024 11:32:31 +0000 (11:32 +0000)]
Remove CRYPTO_*info
Long time neutered, only used (pointlessly without error checking) in the
error code until very recently.
ok jsing
tb [Sat, 2 Mar 2024 11:28:46 +0000 (11:28 +0000)]
Remove a bunch of CRYPTO memory API
This was neutered early on in the fork and has been rotting ever since.
Some parts of the API are still used, but it's easier to clean up when
most of the mess is gone.
ok jsing
tb [Sat, 2 Mar 2024 11:25:46 +0000 (11:25 +0000)]
Update list of OPENSSL_NO_*
This syncs the list with some version of upstream and exposes a few
OPENSSL_NO_* that may now be relevant.
from jsing (a long time ago)
tb [Sat, 2 Mar 2024 11:22:48 +0000 (11:22 +0000)]
Remove a few no longer used sk_FOO_* stanzas
ok jsing
tb [Sat, 2 Mar 2024 11:20:36 +0000 (11:20 +0000)]
Remove sk_find_ex()
This API intends to find the closest match to the needle. M2Crypto
exposes it because it can. This will be fixed by patching the port.
ok jsing
tb [Sat, 2 Mar 2024 11:17:27 +0000 (11:17 +0000)]
Unhook and remove GOST and STREEBOG
This stops compiling the GOST source. The current implementation is low
quality and got in the way, especially in libssl. While we would be open
for GOST support, it needs to be significantly better than what we have
had and it also needs a maintainer.
Add OPENSSL_NO_GOST to opensslfeatures and stop installing gost.h.
Some code wrapped in #ifndef OPENSSL_NO_GOST will be removed later.
ok jsing
tb [Sat, 2 Mar 2024 11:11:11 +0000 (11:11 +0000)]
Make LHASH_OF() and STACK_OF() use opaque structs
This removes internals of these two special snowflakes and will allow
further simplifications. Unfortunately, there are some pieces of
software that actually use LHASH_OF() (looking at you, pound, Ruby, and
openssl(1)), so we get to keep exposing this garbage, at least for now.
Expose lh_error() as a symbol to replace a macro reaching into _LHASH.
lh_down_load() is no longer available. _LHASH and _STACK are now opaque,
LHASH_NODE becomes internal-only.
from jsing
tb [Sat, 2 Mar 2024 11:04:51 +0000 (11:04 +0000)]
Remove lh stats
This could have been removed in an earlier bump. Now it's time for it to
say goodbye.
ok jsing
tb [Sat, 2 Mar 2024 10:59:41 +0000 (10:59 +0000)]
Remove X509_CRL_METHOD API
I would keep repeating myself... In the bit bucket you go.
ok jsing
tb [Sat, 2 Mar 2024 10:57:03 +0000 (10:57 +0000)]
Garbage collect most of the public LOOKUP API
Yet another bit of extensibility that no one ever really used.
X509_LOOKUP_free() needs to stay because of ... rust-openssl
(and kdelibs4support).
ok jsing
tb [Sat, 2 Mar 2024 10:54:39 +0000 (10:54 +0000)]
Expose X509_STORE_get1_objects()
Safer replacement API for the unsafe X509_STORE_get0_objects().
ok jsing
tb [Sat, 2 Mar 2024 10:52:24 +0000 (10:52 +0000)]
Make X509_CERT_AUX internal
Another struct/API that should never have leaked out of the library.
ok jsing
tb [Sat, 2 Mar 2024 10:50:26 +0000 (10:50 +0000)]
Remove X509_TRUST from the public API
With API and other users internal, this struct can now go.
ok jsing
tb [Sat, 2 Mar 2024 10:49:03 +0000 (10:49 +0000)]
Remove DECLARE_STACK_OF(X509_TRUST)
Unused since the extensibility was neutered.
ok jsing
tb [Sat, 2 Mar 2024 10:48:17 +0000 (10:48 +0000)]
Remove unused public X509_TRUST API
Another thing that should never have leaked out of the library. It
will become internal entirely, where the code can be simplified greatly.
ok jsing
tb [Sat, 2 Mar 2024 10:43:52 +0000 (10:43 +0000)]
const correct X509_PURPOSE_get0{,_{,s}name}()
Unfortunately, PHP and rust-openssl still need this API. At least we
can make the table read-only now since we disabled its extensibility.
ok jsing
tb [Sat, 2 Mar 2024 10:41:46 +0000 (10:41 +0000)]
Make X509_PURPOSE opaque
Code using details of X509_PURPOSE does so by using API. So we can make
this struct opaque.
ok jsing
tb [Sat, 2 Mar 2024 10:40:05 +0000 (10:40 +0000)]
Remove unused parts of the purpose API
Most of this is the ability to add custom purposes. Also the astounding
X509_STORE_CTX_purpose_inherit(). The names are used by PHP, and M2Crypto
exposes X509_check_purpose(), so these remain public. Some weird, most
likely invalid, uses also remain in rust-openssl.
ok jsing
tb [Sat, 2 Mar 2024 10:35:32 +0000 (10:35 +0000)]
Remove X509V3_EXT extensibility API
You used to be able to define your own X.509 extension handlers. Great.
Even greater: the verifier would ignore any custom extensions. So this
was only ever useful for serialization and deserialization. In other
words, almost entirely pointless. The API was also unused except for
a hack in kore-acme, which was fixed recently.
ok jsing
tb [Sat, 2 Mar 2024 10:33:51 +0000 (10:33 +0000)]
Remove X509_ALGOR_set_md()
One of those void APIs that are super hard to use safely since they can
fail but can't communicate failure. Nothing uses this. Internal uses have
been converted to error checked X509_ALGOR_set_evp_md().
ok jsing
tb [Sat, 2 Mar 2024 10:32:26 +0000 (10:32 +0000)]
Adjust signature of ERR_load_strings()
This aligns the prototypes with OpenSSL 1.1.
ok jsing
tb [Sat, 2 Mar 2024 10:30:48 +0000 (10:30 +0000)]
Remove ERR_get_state
The ERR_STATE struct is an unused implementation detail of the horrific
error stack code. It is the last public consumer of CRYPTO_THREAD
internals. Make this and its accessor internal so we can make the
CRYPTO_THREAD struct opaque.
ok jsing
tb [Sat, 2 Mar 2024 10:22:07 +0000 (10:22 +0000)]
Simplify engine.h
Garbage collect some more of this former horror show.
ok jsing
tb [Sat, 2 Mar 2024 10:21:12 +0000 (10:21 +0000)]
Garbage collect CUSTOM_KEY_LENGTH/SET_KEY_LENGTH
These are unused defines that used to add unwanted complications in
EVP_CIPHER_CTX_set_key_lenght().
ok jsing
tb [Sat, 2 Mar 2024 10:20:27 +0000 (10:20 +0000)]
Remove more PBE stuff from the public API
This is still needed internally for CMS and its predecessors. This
removal will enable disentangling some of its innards.
ok jsing
tb [Sat, 2 Mar 2024 10:17:37 +0000 (10:17 +0000)]
Remove most PBEPARAM stuff from public visibility
The struct itself needs to remain public, unfortunately.
ok jsing
tb [Sat, 2 Mar 2024 10:15:15 +0000 (10:15 +0000)]
Remove a lot of PKCS12 garbage from the public API
PKCS12 is a hot mess. Please participate in the survey at the end of
https://www.cs.auckland.ac.nz/~pgut001/pubs/pfx.html to increase its
credibility and unanimity.
ok jsing
jsg [Sat, 2 Mar 2024 10:14:31 +0000 (10:14 +0000)]
list install.img in contents where it is built
landry@ noted it wasn't in arm64 contents
tb [Sat, 2 Mar 2024 10:13:12 +0000 (10:13 +0000)]
Remove RC4-HMAC-MD5 and AES-{128,256}-CBC-HMAC-SHA-1
"Stitched" mode AEADs were removed from libssl a long time ago. Nothing
uses these CIPHERs anymore.
ok jsing
tb [Sat, 2 Mar 2024 10:08:29 +0000 (10:08 +0000)]
Make legacy cipher methods internal
These are ASN.1 handlers for CIPHERs, still used by CMS and its
predecessors. They should never have been public.
ok jsing
tb [Sat, 2 Mar 2024 10:06:48 +0000 (10:06 +0000)]
Remove EVP_PBE_* API from public visibility
You can no longer add your custom PBE algorithm. Pity. EVP_PBE_CipherInit()
stays for internal use, the rest goes away copmletely.
ok jsing
tb [Sat, 2 Mar 2024 10:04:40 +0000 (10:04 +0000)]
Remove EVP_PKEY_meth_*() API
After ameth, the second bit of custom EVP_PKEY API removal.
ok jsing
tb [Sat, 2 Mar 2024 10:03:12 +0000 (10:03 +0000)]
Remove the ameth lib
This is accessor API for ASN.1 methods needed for custom PKEYs.
Nothing has ever used this. This has been neutered for months.
The EVP_PKEY_asn1_* API that needs to stay was moved elsewhere.
ok jsing
tb [Sat, 2 Mar 2024 09:59:56 +0000 (09:59 +0000)]
Remove EVP_MD_meth* again
Erlang upstream disabled the otp_test_engine for LibreSSL >= 3.5 without
explanation. It was the only reason we added this garbage API in the first
place. Meanwhile libfido2 started using it for a mock up of OpenSSL 3's
broken fetch design with old API. This is pointless, so all this garbage
goes away again (in particular we can remove the absolutely horrifying
EVP_MD_meth_set_app_datasize() again).
ok jsing
tb [Sat, 2 Mar 2024 09:55:30 +0000 (09:55 +0000)]
Fix signature and semantics of EVP_{CIPHER,MD}_CTX_init()
When the EVP_CIPHER_CTX and the EVP_MD_CTX were still expected to live
on the stack, these initialization APIs were wrappers around memset.
In OpenSSL 1.1, somebody removed them and carelessly made _init() an
alias of _reset() aka _cleanup(). As a consequence, both signature and
semantics changed.
Unsurprisingly, there is now code out there that actually uses the new
semantics, which causes leaks on LibreSSL and older OpenSSL. This aligns
our _init() with OpenSSL 1.1 semantics.
ok jsing
tb [Sat, 2 Mar 2024 09:51:36 +0000 (09:51 +0000)]
Remove unused OBJ_create_and_add_object()
This is an alias for OBJ_create(). I haven't dug into its history.
ok jsing
tb [Sat, 2 Mar 2024 09:50:47 +0000 (09:50 +0000)]
Remove no longer supported OBJ_NAME_TYPEs
OBJ_NAME_TYPE_PKEY_METH and OBJ_NAME_TYPE_COMP_METH were never used
as far as I can tell. Unfortunately, PHP and Python still use the
weirdly named OBJ_NAME_do_all*() API to list available ciphers and
digests, so the MD and CIPHER variants need to remain public.
ok jsing
tb [Sat, 2 Mar 2024 09:49:45 +0000 (09:49 +0000)]
Make OBJ_add_object() static
This is another implementation detail that should never have leaked out
of the library. Only OBJ_create() ever used this.
ok jsing
tb [Sat, 2 Mar 2024 09:47:16 +0000 (09:47 +0000)]
Remove OBJ_bsearch_()
The only reason this has still been part of the public API was that libssl
used it for cipher lookup. This was fixed by replacing the lookup by proper
bsearch() -- why OpenSSL felt the need to reinvent ANSI C API badly will
forever remain a mystery.
The stack code in libcrypto still uses a version of this. This should
be rewritten. It will be a bit easier once sk_find_ex() is removed.
ok jsing
tb [Sat, 2 Mar 2024 09:43:10 +0000 (09:43 +0000)]
Switch name member of OBJ_NAME to const void *
Because this is the type it should have had from the get go.
ok jsing
tb [Sat, 2 Mar 2024 09:41:02 +0000 (09:41 +0000)]
Remove unused public OBJ_NAME_* API
This functionality has been disabled for a few months. Now it is high time
to garbage collect it.
ok jsing
tb [Sat, 2 Mar 2024 09:39:02 +0000 (09:39 +0000)]
Remove EVP_{add,delete}_{cipher,digest}_alias()
These are macro wrappers around the neutered OBJ_NAME_{add,remove}() API
(notice the consistency), which will be removed shortly. Only security/xca
used to use this.
ok jsing
tb [Sat, 2 Mar 2024 09:36:40 +0000 (09:36 +0000)]
Remove EVP_add_{cipher,digest}() from public API
Ciphers and digests are now handled in a static lookup table and no
longer by the associative array that used to underlie the OBJ_NAME API.
Adding ciphers is no longer possible. What uses this API does so for
historic reasons coming from a time where SHA-2 and some AES variants
needed to be enabled explicitly. Ports doing this (PHP and DANE code)
were fixed.
ok jsing
tb [Sat, 2 Mar 2024 09:33:14 +0000 (09:33 +0000)]
Remove DSA_generate_parameters
This was deprecated in 0.9.8 and used until recently by rust-openssl
and by keynote (keynote has the excuse that it was written before the
deprecation). Fortunately Paul Kehrer fixed this in rust-openssl,
so we can garbage collect this turd. (It was replaced with the less
ergonomic DSA_generate_parameters_ex() to expose a new fancy way of
displaying dots, stars and pluses on key generation).
ok jsing
tb [Sat, 2 Mar 2024 09:30:21 +0000 (09:30 +0000)]
Remove CMAC_resume()
While it is a neat design detail of CMAC that you can resume it after
having finalized it, nothing uses this functionality and it adds some
gross things such as retaining intermediate secrets in the CMAC ctx.
Once this is gone, we can simplify the CMAC code a bit.
ok jsing
tb [Sat, 2 Mar 2024 09:27:31 +0000 (09:27 +0000)]
Make BN_mod_exp2_mont() and BN_mod_exp_mont_word() internal
The former could be useful but nothing uses it. The latter is a
dangerous implementation detail of Montgomery exponentiation that
should never have been leaked out of the library. Fix this.
ok jsing
tb [Sat, 2 Mar 2024 09:24:59 +0000 (09:24 +0000)]
Make BN_mod_exp_simple() internal
This function is very slow and useful for testing purposes only. It
should never have been part of the public API. Remove it from there.
ok jsing
tb [Sat, 2 Mar 2024 09:22:41 +0000 (09:22 +0000)]
Remove BIO_set()
This used to be a dangerous implementation detail of BIO_new() that was
never used outside of libcrypto.
ok jsing
tb [Sat, 2 Mar 2024 09:21:24 +0000 (09:21 +0000)]
Remove BIO_dump_*{cb,fp}()
These were disabled and the internals that need to remain were fixed.
Time for this garbage to go.
ok jsing
tb [Sat, 2 Mar 2024 09:18:28 +0000 (09:18 +0000)]
Remove BIO_{sn,v,vsn}printf(3)
Unsued printing functionality. If something should need this we can readily
add it back.
ok jsing
tb [Sat, 2 Mar 2024 09:15:03 +0000 (09:15 +0000)]
Expose OPENSSL_{gmtime,posix_to_tm,timegm,tm_to_posix}()
Apart from OPENSSL_gmtime(), which is OpenSSL API, this is BoringSSL's
interface to deal with the time related portability and code mess.
ok jsing
tb [Sat, 2 Mar 2024 09:10:42 +0000 (09:10 +0000)]
Garbage collect ASN1_TIME_set_tm()
This was a public helper that is no longer used internally either.
ok jsing
tb [Sat, 2 Mar 2024 09:08:41 +0000 (09:08 +0000)]
Remove beck's ASN.1 time API from public visibility
This API was needed since OpenSSL didn't have one. We now have variants
of OpenSSL's API and will also expose BoringSSL's complementary API. The
users of this API were ported to the OpenSSL variants and some may switch
to BoringSSL's in the future. Part of it is still used internally.
ASN1_time_tm_clamp_notafter() is still used by libtls (and only libtls).
This will be fixed in a future bump.
ok jsing
tb [Sat, 2 Mar 2024 09:04:07 +0000 (09:04 +0000)]
Remove ASN1_PCTX nonsense
This is only used by the fuzzing code. Another bit of poorly thought
out extensibility that makes people pass NULL pointers to a bunch
of APIs.
ok jsing
tb [Sat, 2 Mar 2024 09:02:04 +0000 (09:02 +0000)]
Make ASN1_add_oid_module internal
ok jsing
tb [Sat, 2 Mar 2024 09:00:07 +0000 (09:00 +0000)]
Remove unused M_ASN1_* macros
The last comsumer, telephony/asterisk, was adjusted a few months back.
pointed out by brad
ok jsing
tb [Sat, 2 Mar 2024 08:57:42 +0000 (08:57 +0000)]
Remove unused, incomplete ub_* macros
The only consumer, a_strnid.c, has its own, slightly more complete, up
to date, and less incorrect, version of these.
ok jsing
tb [Sat, 2 Mar 2024 08:55:38 +0000 (08:55 +0000)]
Remove DECLARE_STACK_OF(ASN1_STRING_TABLE)
Another remnant of the unused ASN1_STRING_TABLE extensibility goes away.
ok jsing
tb [Sat, 2 Mar 2024 08:54:02 +0000 (08:54 +0000)]
Remove ASN1_STRING_TABLE_{add,cleanup}
This was API for the ASN1_STRING_TABLE extensibility which has been
neutered for months and was completely unused in the ecosystem.
ok jsing
tb [Sat, 2 Mar 2024 08:50:47 +0000 (08:50 +0000)]
const correct ASN1_STRING_TABLE_get()
The ability of modifying the ASN1_STRING_TABLE was removed and the table
is now static. Stop casting away const. The only consumer, security/xca,
is already fixed.
ok jsing
deraadt [Sat, 2 Mar 2024 01:07:23 +0000 (01:07 +0000)]
sync
millert [Fri, 1 Mar 2024 23:37:42 +0000 (23:37 +0000)]
Clarify behavior when there is more than one run of Xs.
With help from miod@
millert [Fri, 1 Mar 2024 21:50:40 +0000 (21:50 +0000)]
mktemp(1): add suffix support for compatibility with the GNU version
It is now possible to use templates where the Xs are not at the
end, like "foo.XXXXXX.bar". If there are multiple runs of Xs,
the last one is used. OK deraadt@
millert [Fri, 1 Mar 2024 21:30:40 +0000 (21:30 +0000)]
Add mkdtemps(3), like mkdtemp(3) but with a suffix.
OK deraadt@ tb@
krw [Fri, 1 Mar 2024 17:48:03 +0000 (17:48 +0000)]
Allow fdisk(8) to add GPT partitions of protected types.
This makes it possible to provision virtual machine images that
need a "BIOS Boot" partition.
Report, original diff and testing by Christian Ludwig. Thanks!
ok miod@
tb [Fri, 1 Mar 2024 16:27:34 +0000 (16:27 +0000)]
Bump version
claudio [Fri, 1 Mar 2024 16:23:37 +0000 (16:23 +0000)]
Bump version
kettenis [Fri, 1 Mar 2024 15:57:43 +0000 (15:57 +0000)]
Reduce dmesg spam by only printing the CPU feature flags when they differ
from the previous one. Since CPU cores are typically grouped in clusters
of identical cores and are typically enumerated this results in flags
being printed for the first core of a cluster. But only if the clusters
use cores that implement different features which is rare.
ok deraadt@
bluhm [Fri, 1 Mar 2024 14:15:01 +0000 (14:15 +0000)]
Protect pool_get() with kernel lock in sys_ypconnect().
Pool namei_pool is initialized with IPL_NONE as filesystem always
runs with kernel lock. So pool_get() needs kernel lock also in
sys_ypconnect().
OK kn@ deraadt@
job [Fri, 1 Mar 2024 09:36:55 +0000 (09:36 +0000)]
Lipstick on a pig: avoid comparing signed and unsigned
OK tb@ claudio@
jsg [Fri, 1 Mar 2024 08:35:23 +0000 (08:35 +0000)]
regen
jsg [Fri, 1 Mar 2024 08:34:42 +0000 (08:34 +0000)]
more Red Hat and Qumranet devices seen with QEMU and KVM
tb [Fri, 1 Mar 2024 08:10:09 +0000 (08:10 +0000)]
Add -x to opt into experimental file formats
Instead of burning one letter for each new file format (sidrops is known
to crank out new things faster than a normal person can read), use -x to
opt into parsing and processing file formats that aren't yet considered
stable. This is currently only the Signed Prefix List. While a repetition
of the ASPA debacle, this code hasn't yet seen enough stress testing to be
enabled by default.
ok claudio job
tb [Fri, 1 Mar 2024 07:59:20 +0000 (07:59 +0000)]
Factor signed prefix list JSON output into a helper
ok claudio job (as part of a larger diff)
tb [Fri, 1 Mar 2024 07:38:33 +0000 (07:38 +0000)]
Fix OPENSSL_{gmtime,timegm} in namespace build
These were incorrectly added to asn1.h. OPENSSL_gmtime is in crypto.h
and OPENSSL_timegm is already in posix_time.h
jsg [Fri, 1 Mar 2024 06:18:00 +0000 (06:18 +0000)]
Don't match dg2. The cards use paths unused by integrated graphics.
Likely doesn't work.
tb [Fri, 1 Mar 2024 03:47:32 +0000 (03:47 +0000)]
Remove the ciphers_by_values_test()
tb [Fri, 1 Mar 2024 03:46:54 +0000 (03:46 +0000)]
exporter: use the atrocious SSL_CIPHER_find() rather than get_by_id()
tb [Fri, 1 Mar 2024 03:45:16 +0000 (03:45 +0000)]
ssltest: drop another use of CRYPTO_mem_leaks()
bluhm [Thu, 29 Feb 2024 22:21:21 +0000 (22:21 +0000)]
An empty file /var/account/acct in etc.tgz simplifies accounting.
OK deraadt@
jan [Thu, 29 Feb 2024 22:09:33 +0000 (22:09 +0000)]
Add missing include of vlan.h in vmx(4).
ok bluhm@
bluhm [Thu, 29 Feb 2024 21:47:02 +0000 (21:47 +0000)]
Make nanosleep regress actually test something.
Do not call exit 0 in parent and child process. This skiped the
testing in multiple subtests. Use meaningful variable names to
figure out what is going wrong after the tests have been enabled.
Fix the test logic. Add missing break in switch statement, so that
success is reported.
tb [Thu, 29 Feb 2024 20:06:24 +0000 (20:06 +0000)]
Detect OPENSSL_NO_GOST correctly
tb [Thu, 29 Feb 2024 20:04:43 +0000 (20:04 +0000)]
CRYPTO_mem_leaks* will go away. Remove calls in legacy tests
tb [Thu, 29 Feb 2024 20:03:47 +0000 (20:03 +0000)]
Link x509_algor test statically and switch to the internal
X509_ALGOR_set0_evp_md()
tb [Thu, 29 Feb 2024 20:02:40 +0000 (20:02 +0000)]
OBJ_NAME_TYPE_PKEY_METH is no longer supported
tb [Thu, 29 Feb 2024 20:02:00 +0000 (20:02 +0000)]
Stop testing EVP_PKEY_GOST{IMIT,R01}
tb [Thu, 29 Feb 2024 20:00:53 +0000 (20:00 +0000)]
Prepare freenull test for GOST removal
bluhm [Thu, 29 Feb 2024 18:17:41 +0000 (18:17 +0000)]
Use monotonic clock to measure elapsed time.
The nanosleep regression test used gettimeofday(2). Switch it to
a monotonic clock to avoid accidential fails from a call to
settimeofday(2) somewhere in the system.
from Christian Ludwig
deraadt [Thu, 29 Feb 2024 17:05:10 +0000 (17:05 +0000)]
move from 7.5-beta to 7.5
guenther [Thu, 29 Feb 2024 16:10:52 +0000 (16:10 +0000)]
Intel vmm restores just the base of the GDTR and IDTR ith fixed,
high limits, beyond what we actually expect. We already restored
the IDTR from scratch, but the restore of the GDTR (limit) was
removed in r1.10. Put that back in a simpler way, simplify the
IDTR restore and delete the save/restore of the LDTR because that
one really is handled as we want by vmm.
ok dv@ mlarkin@