tb [Wed, 16 Oct 2024 23:49:49 +0000 (23:49 +0000)]
Implement Wei25519 to exercise some more elliptic curve code
This provides a non-trivial non-builtin curve that is unlikely to ever
become a builtin curve. This exercises the cofactor guessing code and
and ensures that things work as far as they can with a custom OID. The
main reason for adding it is to have a "real-world" example for an
upcoming check that EC parameters represent a builtin curve.
miod [Wed, 16 Oct 2024 18:47:47 +0000 (18:47 +0000)]
a.out is no longer the commonly encountered binary file format, the world has
moved to ELF.
Move the a.out specific defines and macros, but the MID_xxx values, from
<sys/exec.h> to <a.out.h>, and update the few userland binaries which really
need these defines (i.e. boot-related tools for old architectures) to
explicitly include <a.out.h> when needed.
"Fine" deraadt@
miod [Wed, 16 Oct 2024 18:43:42 +0000 (18:43 +0000)]
Deliver SIGTRAP, rather than SIGEMT, when a TADDccTV or TSUBccTV instruction
traps. Such instructions are deprecated in v9 (64-bit) code and should never
occur in real-life code. See v9 manual A.59 and A.60 for details.
CVS ----------------------------------------------------------------------
miod [Wed, 16 Oct 2024 18:40:52 +0000 (18:40 +0000)]
Deliver SIGTRAP, rather than SIGEMT, for trap instructions which are neither
debugger breakpoints nor compiler-generated divide by zero reports.
SIGEMT is a historical curiosity which makes no sense nowadays except on
PDP-11 and VAX hardware.
Discussed with imp@ and visa@ long ago.
dlg [Wed, 16 Oct 2024 11:12:31 +0000 (11:12 +0000)]
cut tun_init() out, it does pointless work.
tun_init turns interface/stack config into a set of flags that
tun(4) keeps in tun_softc sc_flags, but never uses.
ok miod@ kn@
dlg [Wed, 16 Oct 2024 11:03:55 +0000 (11:03 +0000)]
remove SIOCSIFDSTADDR from the network ioctls.
netintro says it's deprecated, and most of our other drivers are
doing fine without it.
ok miod@ kn@ patrick@
tb [Wed, 16 Oct 2024 06:09:45 +0000 (06:09 +0000)]
rpki-client: sprinkle some const
EVP_PKEY_get0_* were made const correct in OpenSSL 3 and now cause the
build of rpki-client to emit warnings. Of course no one is able to see
these warnings because they are hidden in all the deprecation vomit.
Makes rpki-client build cleanly against OpenSSL 3 when configured with
--with-openssl-cflags=-DOPENSSL_SUPPRESS_DEPRECATED.
ok claudio deraadt job
jsg [Wed, 16 Oct 2024 02:32:27 +0000 (02:32 +0000)]
remove unneeded frame.h and riscvreg.h includes
tb [Tue, 15 Oct 2024 21:03:10 +0000 (21:03 +0000)]
rpki-client/openssl: eliminate pointless OpenSSL deprecation vomit
tb [Tue, 15 Oct 2024 19:41:24 +0000 (19:41 +0000)]
rust-openssl: set resolver="2" for workspace
silences an annoying warning
tb [Tue, 15 Oct 2024 17:44:43 +0000 (17:44 +0000)]
Unindent error check in EC_GROUP_set_generator()
claudio [Tue, 15 Oct 2024 15:06:25 +0000 (15:06 +0000)]
Enable sig-stop3 regress test. It should no longer fail now.
claudio [Tue, 15 Oct 2024 13:49:49 +0000 (13:49 +0000)]
Add PS_STOPPED to the flags
claudio [Tue, 15 Oct 2024 13:49:26 +0000 (13:49 +0000)]
Indicate that a process has stopped by setting PS_STOPPED flag
The checks in dowait6 and orphanpg using ps_mainproc are flawed and
fail if the mainproc called pthread_exit before the other threads.
Adding the flag in proc_stop_sweep is racy but the best we have right now.
This fixes regress/sys/kern/signal/sig-stop3.
OK mpi@
claudio [Tue, 15 Oct 2024 12:26:53 +0000 (12:26 +0000)]
Fix runtime calculation. Assiging ts to spc_runtime does not work if ts
is modified.
OK tb@ jca@
claudio [Tue, 15 Oct 2024 11:54:07 +0000 (11:54 +0000)]
Use pr instead of p->p_p like everywhere else in exit1.
jsg [Tue, 15 Oct 2024 09:16:39 +0000 (09:16 +0000)]
remove unneeded pte.h include
tb [Tue, 15 Oct 2024 06:35:59 +0000 (06:35 +0000)]
Switch ec_asn1_group2parameters() to get0_{order,cofactor}()
These are more ergonomic, result in more readable code, avoid a copy and
we no longer ignore a possible memory allocation error due to API misdesign
and bad code.
ok jsing
tb [Tue, 15 Oct 2024 06:27:43 +0000 (06:27 +0000)]
Provide EC_GROUP_get0_cofactor() for internal use
While this is public API in OpenSSL, there are no plans to expose it.
ok jsing
jsg [Tue, 15 Oct 2024 00:41:40 +0000 (00:41 +0000)]
remove struct arpreq from net/if_arp.h
unused since "rewrite to merge arp and routing tables"
in CSRG if_ether.c 7.14 (Berkeley) 06/25/91
used by SIOCSARP, SIOCGARP, SIOCDARP, OSIOCGARP ioctls in Net/2
which were removed before 4.4BSD-Lite
ok sthen@ who tested this with a ports build
deraadt [Tue, 15 Oct 2024 00:08:27 +0000 (00:08 +0000)]
grow i386 media a bit
naddy [Mon, 14 Oct 2024 23:53:34 +0000 (23:53 +0000)]
mention SshdAuthPath option; ok djm@
nicm [Mon, 14 Oct 2024 20:26:45 +0000 (20:26 +0000)]
Set ACS flag for REP. Reported by Romain Francoise, GitHub issue 4182.
tb [Mon, 14 Oct 2024 18:17:11 +0000 (18:17 +0000)]
Make NULL checks in ec_asn1_group2curve() explicit
tb [Mon, 14 Oct 2024 13:16:06 +0000 (13:16 +0000)]
Extend ec_asn1_test to check for correct curve coefficient encoding
tb [Mon, 14 Oct 2024 12:50:18 +0000 (12:50 +0000)]
Fix field element encoding for elliptic curve coefficients
SEC 1, section 2.3.5, is explicit that the encoding of an element of the
field of definition for an elliptic curve needs to be a zero-padded octet
string whose length matches the byte size of the field's degree. So use
BN_bn2binpad() to fix this. Factor things into a simple helper to avoid
copy-pasting.
This gets rid of some of the most grotesque code in this file.
ok jsing
tb [Mon, 14 Oct 2024 12:42:52 +0000 (12:42 +0000)]
Drop an obvious comment and fix indent for setting the seed
Also remove a pointless cast.
ok jsing
tb [Mon, 14 Oct 2024 12:38:11 +0000 (12:38 +0000)]
In ec_asn1_group2curve() rename ok to ret, per usual
ok jsing
jsg [Mon, 14 Oct 2024 12:02:16 +0000 (12:02 +0000)]
remove unneeded vmparam.h include from pte.h
include vmparam.h in process_machdep for USER_SPACE_BITS
jan [Mon, 14 Oct 2024 11:49:34 +0000 (11:49 +0000)]
Fix build w/o SUSPEND option
with tweaks from miod@
ok miod@
jsg [Mon, 14 Oct 2024 10:08:13 +0000 (10:08 +0000)]
remove unneeded device.h include
jsg [Mon, 14 Oct 2024 08:42:39 +0000 (08:42 +0000)]
remove unused struct sigstate; ok miod@
jsg [Mon, 14 Oct 2024 08:26:48 +0000 (08:26 +0000)]
remove duplicate includes and license; feedback and ok miod@
jmc [Mon, 14 Oct 2024 07:05:23 +0000 (07:05 +0000)]
remove notes about unsupported modifiers; from nir lichtman
confirmed by miod
djm [Mon, 14 Oct 2024 03:02:08 +0000 (03:02 +0000)]
regress support for split sshd-auth binary
deraadt [Mon, 14 Oct 2024 02:46:50 +0000 (02:46 +0000)]
sshd-auth also has a relink kit
deraadt [Mon, 14 Oct 2024 02:45:44 +0000 (02:45 +0000)]
sync
jsg [Mon, 14 Oct 2024 02:20:01 +0000 (02:20 +0000)]
change mutex.h include to rwlock.h
missed when dh_mtx changed from mutex to rwlock in rev 1.6
djm [Mon, 14 Oct 2024 01:57:50 +0000 (01:57 +0000)]
Split per-connection sshd-session binary
This splits the user authentication code from the sshd-session
binary into a separate sshd-auth binary. This will be executed by
sshd-session to complete the user authentication phase of the
protocol only.
Splitting this code into a separate binary ensures that the crucial
pre-authentication attack surface has an entirely disjoint address
space from the code used for the rest of the connection. It also
yields a small runtime memory saving as the authentication code will
be unloaded after thhe authentication phase completes.
Joint work with markus@ feedback deraadt@
Tested in snaps since last week
jsg [Mon, 14 Oct 2024 00:47:36 +0000 (00:47 +0000)]
remove unneeded proc.h include
djm [Sun, 13 Oct 2024 22:20:06 +0000 (22:20 +0000)]
don't start the ObscureKeystrokeTiming mitigations if there has been
traffic on a X11 forwarding channel recently.
Should fix X11 forwarding performance problems when this setting is
enabled. Patch from Antonio Larrosa via bz3655
jsg [Sun, 13 Oct 2024 08:25:09 +0000 (08:25 +0000)]
byt -> but; ok tb@
jsg [Sun, 13 Oct 2024 03:35:59 +0000 (03:35 +0000)]
include stdio.h for sscanf() snprintf()
jsg [Sun, 13 Oct 2024 02:27:44 +0000 (02:27 +0000)]
remove unneeded timeout.h include
jsg [Sun, 13 Oct 2024 00:53:21 +0000 (00:53 +0000)]
remove unneeded limits.h and errno.h includes
deraadt [Sun, 13 Oct 2024 00:00:41 +0000 (00:00 +0000)]
Be more eager to install qcpas firmware (more pattern matches)
afresh1 [Sat, 12 Oct 2024 23:56:23 +0000 (23:56 +0000)]
Make fw_update -a mean all
When downloading or installing, not just deleting.
Noticed by Paul de Weerd
Help with manual wording from jmc@
Just fix -a, deraadt@
jsg [Sat, 12 Oct 2024 23:31:14 +0000 (23:31 +0000)]
remove unneeded rwlock.h include
jsg [Sat, 12 Oct 2024 23:18:10 +0000 (23:18 +0000)]
remove unneeded time.h include
jsg [Sat, 12 Oct 2024 23:10:07 +0000 (23:10 +0000)]
remove unneeded percpu.h include
tb [Sat, 12 Oct 2024 16:15:28 +0000 (16:15 +0000)]
Exercise the EC parameters code a bit more
Ensure all builtin curves can be roundtripped through DER as named curves,
via explicit parameterization, using uncompressed, compressed and hybrid
point formats.
jmc [Sat, 12 Oct 2024 15:40:36 +0000 (15:40 +0000)]
remove blank line;
jsg [Sat, 12 Oct 2024 10:50:37 +0000 (10:50 +0000)]
remove duplicate misc.h include
ok dtucker@
nicm [Sat, 12 Oct 2024 08:20:32 +0000 (08:20 +0000)]
Call realpath on the source file to match -f on the command line, GitHub
issue 4180.
nicm [Sat, 12 Oct 2024 08:13:52 +0000 (08:13 +0000)]
Do not rename a buffer to itself, GitHub issue 4181.
jsg [Sat, 12 Oct 2024 07:58:40 +0000 (07:58 +0000)]
remove duplicate unistd.h include
robert [Sat, 12 Oct 2024 07:36:52 +0000 (07:36 +0000)]
introduce a new build class to be used by the build user
this class will be required for the upcoming llvm update
that requires bumped datasize because of llvm-tblgen
ok deraadt@
jsg [Sat, 12 Oct 2024 07:30:20 +0000 (07:30 +0000)]
remove vmparam.h include
not required since VM_PHYSSEG_MAX changed to HIB_PHYSSEG_MAX in rev 1.45
tb [Sat, 12 Oct 2024 03:54:18 +0000 (03:54 +0000)]
Remove unnecessary str variable in ssl_stat.c
Drop about 1/4 of the lines in here by avoiding the use of a variable.
For some reason the API in this file made me go listen to Pow R. Toc H.
All of a sudden the lyrics made sense. I should probably be worried.
ok beck jsing
tb [Fri, 11 Oct 2024 18:58:04 +0000 (18:58 +0000)]
Use a and b for the curve coefficients
No idea how anyone would think that tmp_1 and tmp_2 are better suited for
this.
ok jsing
tb [Fri, 11 Oct 2024 18:55:44 +0000 (18:55 +0000)]
Clean up ec_asn1_group2fieldid()
This drops some unnecessary freeing that was turned into a double free
reachable via public API in OpenSSL 1.1. Other than that it unindents
code and uses better variable names.
ok jsing
tb [Fri, 11 Oct 2024 18:35:39 +0000 (18:35 +0000)]
Fix a long-standing bug in ec_asn1_group2pkparameters()
Only check for the OPENSSL_EC_NAMED_CURVE being set to treat the curve
parameters as named curve parameters.
ok jsing
tb [Fri, 11 Oct 2024 18:34:20 +0000 (18:34 +0000)]
Use defines for the CHOICE variants of ECPKPARAMETERS
ok jsing
tb [Fri, 11 Oct 2024 18:32:03 +0000 (18:32 +0000)]
Remove NULL check in ec_asn1_pkparameters2group()
The callers already ensure that params != NULL.
ok jsing
tb [Fri, 11 Oct 2024 18:30:58 +0000 (18:30 +0000)]
Use better variable names in ec_asn1_pkparameters2group()
ok jsing
tb [Fri, 11 Oct 2024 18:18:10 +0000 (18:18 +0000)]
First cleanup pass over ec_asn1_group2pkparameters()
Use better variable names and do things in a slightly more sensible order.
This way the code becomes almost self-documenting.
ok jsing
deraadt [Fri, 11 Oct 2024 14:12:05 +0000 (14:12 +0000)]
The fw keys have been added to the signify key bundles. sysupgrade will
now extract the fw key also, so that pre-upgrade fw_update can fetch
the most uptodate firmware.
ok sthen
tb [Fri, 11 Oct 2024 13:32:22 +0000 (13:32 +0000)]
err.c: zap stray space
jsing [Fri, 11 Oct 2024 12:40:25 +0000 (12:40 +0000)]
Apply some style(9) and tidy some comments.
jsing [Fri, 11 Oct 2024 12:27:24 +0000 (12:27 +0000)]
Remove pointless locking from err_build_SYS_str_reasons().
err_build_SYS_str_reasons() is only called during initialisation, under
pthread_once(). As such, there is no need to grab CRYPTO_LOCK_ERR or
check for reentrant calls.
ok tb@
jsing [Fri, 11 Oct 2024 12:25:05 +0000 (12:25 +0000)]
Convert err_clear_data() and err_clear() from macros to functions.
ok tb@
jsing [Fri, 11 Oct 2024 12:20:06 +0000 (12:20 +0000)]
Remove unused typedef for ERR_FNS.
jsing [Fri, 11 Oct 2024 12:19:35 +0000 (12:19 +0000)]
Add err_ prefix to build_SYS_str_reasons().
jsing [Fri, 11 Oct 2024 12:10:12 +0000 (12:10 +0000)]
Make ERR_str_{libraries,reasons,functs}[] const.
Provide err_load_const_strings(), which takes a const ERR_STRING_DATA *
and does not perform a library error value fixup. Make ERR_str_*[] tables
const.
ok tb@
jsing [Fri, 11 Oct 2024 11:58:53 +0000 (11:58 +0000)]
Add ERR_LIB_SYS to the error values in ERR_str_functs[].
This is currently added via err_load_strings(), which means
ERR_str_functs[] cannot be made const. Adding ERR_LIB_SYS means the fixup
becomes unnecessary.
ok tb@
kettenis [Fri, 11 Oct 2024 09:55:24 +0000 (09:55 +0000)]
Revert ehci(4) bits in the previous commit. Apparently 64-bit DMA is broken
in (almost?) all ehci(4) controllers.
jsing [Fri, 11 Oct 2024 07:54:22 +0000 (07:54 +0000)]
Add error regress coverage for ERR_LIB_SYS.
These are dynamically populated based on strerror() values.
tb [Fri, 11 Oct 2024 06:21:30 +0000 (06:21 +0000)]
Remove params argument from ec_asn1_group2parameters()
Its only caller passes NULL, so we can simplify the entry point and the
exit of this function a bit.
ok jsing
tb [Fri, 11 Oct 2024 06:19:52 +0000 (06:19 +0000)]
Simplify ec_asn1_group2pkparameters()
The parameters argument is always NULL, so we can simplify this helper
accordingly.
ok jsing
tb [Fri, 11 Oct 2024 06:18:40 +0000 (06:18 +0000)]
Spell NULL in a simpler fashion
priv_key->parameters is always NULL at this point, since its corresponding
entry in the ASN.1 template has ASN1_TFLG_OPTIONAL set, so there is no point
in pretending to pass it to ec_asn1_group2pkparameters().
ok jsing
tb [Fri, 11 Oct 2024 06:13:09 +0000 (06:13 +0000)]
Clean up i2d_ECPKParameters()
Use better variable names and turn it into single-exit. This changes the
behavior slightly in that an error is pushed onto the stack also for
i2d_ECPKPARAMETERS() return values < 0.
ok jsing
jsg [Fri, 11 Oct 2024 03:00:56 +0000 (03:00 +0000)]
drm/amd/display: enable_hpo_dp_link_output: Check link_res->hpo_dp_link_enc before using it
From Alex Hung
e0b065ec636d66022ab7057e1635e9a941a42820 in linux-6.6.y/6.6.55
d925c04d974c657d10471c0c2dba3bc9c7d994ee in mainline linux
jsg [Fri, 11 Oct 2024 02:59:02 +0000 (02:59 +0000)]
drm/amd/display: Allow backlight to go below `AMDGPU_DM_DEFAULT_MIN_BACKLIGHT`
From Mario Limonciello
a94ec40b940599b06fad2c9b7533e4b10bc6645c in linux-6.6.y/6.6.55
87d749a6aab73d8069d0345afaa98297816cb220 in mainline linux
jsg [Fri, 11 Oct 2024 02:56:45 +0000 (02:56 +0000)]
drm/amd/display: Fix system hang while resume with TBT monitor
From Tom Chung
68d603f467a75618eeae5bfe8af32cda47097010 in linux-6.6.y/6.6.55
52d4e3fb3d340447dcdac0e14ff21a764f326907 in mainline linux
jsg [Fri, 11 Oct 2024 02:54:38 +0000 (02:54 +0000)]
drm/amd/display: Add HDR workaround for specific eDP
From Alex Hung
487f6450bcb920ba1d58954c9e1ab969533b5da8 in linux-6.6.y/6.6.55
05af800704ee7187d9edd461ec90f3679b1c4aba in mainline linux
jsg [Fri, 11 Oct 2024 02:50:17 +0000 (02:50 +0000)]
drm/sched: Add locking to drm_sched_entity_modify_sched
From Tvrtko Ursulin
579a0a84e3c0174f296004ac4af83cd9819b38a9 in linux-6.6.y/6.6.55
4286cc2c953983d44d248c9de1c81d3a9643345c in mainline linux
jsg [Fri, 11 Oct 2024 02:48:48 +0000 (02:48 +0000)]
drm/i915/gem: fix bitwise and logical AND mixup
From Jani Nikula
451c87d21db61e74379b31369a7e10f41bc3bbba in linux-6.6.y/6.6.55
394b52462020b6cceff1f7f47fdebd03589574f3 in mainline linux
jsg [Fri, 11 Oct 2024 02:47:25 +0000 (02:47 +0000)]
drm: Consistently use struct drm_mode_rect for FB_DAMAGE_CLIPS
From Thomas Zimmermann
c923bc874659f35a216aa3099f18c82572b09416 in linux-6.6.y/6.6.55
8b0d2f61545545ab5eef923ed6e59fc3be2385e0 in mainline linux
jsg [Fri, 11 Oct 2024 02:45:38 +0000 (02:45 +0000)]
drm/amdgpu/gfx10: use rlc safe mode for soft recovery
From Alex Deucher
4298813a43f72f6c8c71aa70a9e32b8fd0ad5f60 in linux-6.6.y/6.6.55
ead60e9c4e29c8574cae1be4fe3af1d9a978fb0f in mainline linux
jsg [Fri, 11 Oct 2024 02:44:18 +0000 (02:44 +0000)]
drm/amdgpu/gfx11: use rlc safe mode for soft recovery
From Alex Deucher
c20cd3d6d26156efbd3ec5b3fb17fae8237eb94b in linux-6.6.y/6.6.55
3f2d35c325534c1b7ac5072173f0dc7ca969dec2 in mainline linux
jsg [Fri, 11 Oct 2024 02:42:47 +0000 (02:42 +0000)]
drm/amd/pm: ensure the fw_info is not null before using it
From Tim Huang
b511474f49588cdca355ebfce54e7eddbf7b75a5 in linux-6.6.y/6.6.55
186fb12e7a7b038c2710ceb2fb74068f1b5d55a4 in mainline linux
jsg [Fri, 11 Oct 2024 02:40:37 +0000 (02:40 +0000)]
drm/amdgpu/gfx9: use rlc safe mode for soft recovery
From Alex Deucher
3ffbdc977d8008868431edb0195b81dec58944be in linux-6.6.y/6.6.55
3ec2ad7c34c412bd9264cd1ff235d0812be90e82 in mainline linux
jsg [Fri, 11 Oct 2024 02:38:44 +0000 (02:38 +0000)]
drm/amdgpu: Block MMR_READ IOCTL in reset
From Victor Skvortsov
8361e3f7882876d98ba98cae0d3149450dd80912 in linux-6.6.y/6.6.55
9e823f307074c0f82b5f6044943b0086e3079bed in mainline linux
jsg [Fri, 11 Oct 2024 02:36:31 +0000 (02:36 +0000)]
drm/radeon/r100: Handle unknown family in r100_cp_init_microcode()
From Geert Uytterhoeven
c474a1a75599f4e1c166f4d1eb510624bd4a83d5 in linux-6.6.y/6.6.55
c6dbab46324b1742b50dc2fb5c1fee2c28129439 in mainline linux
jsg [Fri, 11 Oct 2024 02:34:46 +0000 (02:34 +0000)]
drm/amdgpu: fix unchecked return value warning for amdgpu_gfx
From Tim Huang
deb78dc859ddba6770186fc0cf59c47487c33c9b in linux-6.6.y/6.6.55
c0277b9d7c2ee9ee5dbc948548984f0fbb861301 in mainline linux
jsg [Fri, 11 Oct 2024 02:33:11 +0000 (02:33 +0000)]
drm/printer: Allow NULL data in devcoredump printer
From Matthew Brost
4ee08b4a7201ba0f7f3d52e3840fee92f415b6c5 in linux-6.6.y/6.6.55
53369581dc0c68a5700ed51e1660f44c4b2bb524 in mainline linux
jsg [Fri, 11 Oct 2024 02:31:39 +0000 (02:31 +0000)]
drm/amd/display: Initialize get_bytes_per_element's default to 1
From Alex Hung
c7630935d9a4986e8c0ed91658a781b7a77d73f7 in linux-6.6.y/6.6.55
4067f4fa0423a89fb19a30b57231b384d77d2610 in mainline linux
jsg [Fri, 11 Oct 2024 02:29:43 +0000 (02:29 +0000)]
drm/amd/display: Fix index out of bounds in DCN30 color transformation
From Srinivasan Shanmugam
929506d5671419cffd8d01e9a7f5eae53682a838 in linux-6.6.y/6.6.55
d81873f9e715b72d4f8d391c8eb243946f784dfc in mainline linux
jsg [Fri, 11 Oct 2024 02:28:26 +0000 (02:28 +0000)]
drm/amd/display: Fix index out of bounds in degamma hardware format translation
From Srinivasan Shanmugam
122e3a7a8c7bcbe3aacddd6103f67f9f36bed473 in linux-6.6.y/6.6.55
b7e99058eb2e86aabd7a10761e76cae33d22b49f in mainline linux
jsg [Fri, 11 Oct 2024 02:26:49 +0000 (02:26 +0000)]
drm/amd/display: Fix index out of bounds in DCN30 degamma hardware format translation
From Srinivasan Shanmugam
0d38a0751143afc03faef02d55d31f70374ff843 in linux-6.6.y/6.6.55
bc50b614d59990747dd5aeced9ec22f9258991ff in mainline linux