openbsd
jmc [Sat, 18 Mar 2023 11:44:53 +0000 (11:44 +0000)]
sourceaddr:

- show that -ifp and "address" do not mix
- show how to reset value (from claudio)
- tweak text

ok claudio

tb [Sat, 18 Mar 2023 09:09:11 +0000 (09:09 +0000)]
Rename bn_mod_exp_zero to the more appropriate bn_mod_exp

tb [Sat, 18 Mar 2023 09:04:05 +0000 (09:04 +0000)]
Retire the bn_mod_exp test.

It is fully covered by bn_mod_exp_zero now.

tb [Sat, 18 Mar 2023 08:55:42 +0000 (08:55 +0000)]
Reimplement a variant of the bn_mod_exp tests from scratch

This exercises the same corner cases as bn_mod_exp and a few more.
With input from jsing

jsg [Sat, 18 Mar 2023 08:20:20 +0000 (08:20 +0000)]
fixes for mandoc -Tlint
ok tb@

deraadt [Fri, 17 Mar 2023 22:52:22 +0000 (22:52 +0000)]
remove -beta tag

millert [Fri, 17 Mar 2023 19:44:15 +0000 (19:44 +0000)]
Document M_LOG flag; from Peter J. Philipp.

miod [Fri, 17 Mar 2023 19:20:19 +0000 (19:20 +0000)]
Move annoying yet harmless diagnostic message into #ifdef DEBUG.

claudio [Fri, 17 Mar 2023 16:11:09 +0000 (16:11 +0000)]
Adjust sourceaddr argument parser.

Only print the sourceaddrs if no argument was passed. If arguments
are set make sure that either an address is present or that an ifp
was given. This makes the command behave more like other route commands.
OK deraadt@

claudio [Fri, 17 Mar 2023 11:14:10 +0000 (11:14 +0000)]
Fix rtr_parse_aspa(), the spas array is actually not copied over into
the rtr_aspa struct so access them directly from the buf using offset
as the address of the first element.
OK tb@

jsg [Thu, 16 Mar 2023 22:44:35 +0000 (22:44 +0000)]
after updating amdgpu-firmware from 20221214 to 20230310 a new
warning appeared in dmesg on renoir:

[drm] psp gfx command LOAD_TA(0x1) failed and response status is (0x7)
[drm] psp gfx command INVOKE_CMD(0x3) failed and response status is (0x4)
psp_securedisplay_parse_resp_status *ERROR* Secure display: Generic Failure.
psp_securedisplay_initialize *ERROR* SECUREDISPLAY: query securedisplay TA failed. ret 0x0

This is likely related to not implementing all the HDCP paths.
Return early in psp_securedisplay_initialize() to avoid this.

I suspect the newer renoir firmware adds a TA_FW_TYPE_PSP_SECUREDISPLAY
component the older one didn't have.

reported by jmc@

kettenis [Thu, 16 Mar 2023 18:33:19 +0000 (18:33 +0000)]
Add code to bring up the PCIe controller on the RK356x.

ok dlg@

bluhm [Thu, 16 Mar 2023 18:22:08 +0000 (18:22 +0000)]
When syslogd is sending messages via UDP to a remote loghost, it
stops if there is a permanent error.  Add EACCES generated by pf
to the list of transient errors.  This restores pre-6.5 behavior
and continues logging after pf.conf has been fixed.
OK millert@ deraadt@ mvs@

miod [Thu, 16 Mar 2023 18:04:07 +0000 (18:04 +0000)]
Update for 7.3.

job [Thu, 16 Mar 2023 15:45:38 +0000 (15:45 +0000)]
Consistent phrasing: function -> function pointer

job [Thu, 16 Mar 2023 15:21:44 +0000 (15:21 +0000)]
Add X509_STORE_{set,get}_check_issued and X509_STORE_CTX_get_check_issued to manpage

with and OK tb@

tb [Thu, 16 Mar 2023 15:07:42 +0000 (15:07 +0000)]
sync

tb [Thu, 16 Mar 2023 15:06:17 +0000 (15:06 +0000)]
Install EVP_CIPHER_meth_new.3

tb [Thu, 16 Mar 2023 15:05:23 +0000 (15:05 +0000)]
Add EVP_CIPHER_meth_* documentation from OpenSSL 1.1

This is essentially the original text with a few tweaks and fixes by me,
removing parts inapplicable to LibreSSL. There are dangling references to
EVP_CIPHER_CTX_copy(3) and EVP_CIPHER_CTX_get_cipher_data(3). This all
isn't great, but it's better than nothing. Probably good enough for these
rarely used functions.

job [Thu, 16 Mar 2023 12:01:47 +0000 (12:01 +0000)]
Update manpage for X509_CRL_get0_tbs_sigalg()

OK tb@

kettenis [Thu, 16 Mar 2023 10:33:44 +0000 (10:33 +0000)]
Add missing dependency for rkcomphy(4); pointed out by dlg@

tb [Thu, 16 Mar 2023 08:16:21 +0000 (08:16 +0000)]
Bump LibreSSL version to 3.7.2

kn [Thu, 16 Mar 2023 06:57:11 +0000 (06:57 +0000)]
revert previous, stsp made WEP work on bwfm(4)

stsp [Wed, 15 Mar 2023 22:47:35 +0000 (22:47 +0000)]
make WEP encryption work on bwfm(4)

based on an initial diff by jsg@
brokenness pointed out by kn@
ok jsg@

jmc [Wed, 15 Mar 2023 22:39:58 +0000 (22:39 +0000)]
tweak sourceaddr:

- remove "-inet|-inet6" as it is not generally meaningful
- remove the qualifier "if set": sourceaddr now works nicely in cases
  where no "address" is given

millert [Wed, 15 Mar 2023 22:12:00 +0000 (22:12 +0000)]
Fix a number of out of bound reads in DNS response parsing.
Originally from djm@.  OK deraadt@ florian@ bluhm@

benno [Wed, 15 Mar 2023 21:42:23 +0000 (21:42 +0000)]
state that binary updates are not available for all platforms/architectures.
triggered by a bug report by 'kodcode', thanks.
wording adjusted by jmc@, ok phessler@

djm [Wed, 15 Mar 2023 21:19:57 +0000 (21:19 +0000)]
openssh-9.3

deraadt [Wed, 15 Mar 2023 19:54:32 +0000 (19:54 +0000)]
slightly earlier, and tweak some dates

nicm [Wed, 15 Mar 2023 19:23:22 +0000 (19:23 +0000)]
Do not leak screen in popups, GitHub issue 3492.

millert [Wed, 15 Mar 2023 17:01:35 +0000 (17:01 +0000)]
Fix the length check when computing a fake challenge for users not
in the S/Key database.  If the system hostname is longer than 126
characters this could result in NUL bytes being written past the
end of a stack buffer.  There is no impact on systems with a hostname
126 characters or less.  Found by Qualys.  OK deraadt@

kettenis [Wed, 15 Mar 2023 13:01:40 +0000 (13:01 +0000)]
Add missing nameref resolving for the _DEP() package elements that indicate
dependencies between ACPI devices.

ok dlg@, deraadt@

job [Wed, 15 Mar 2023 11:09:34 +0000 (11:09 +0000)]
Show MFTs as part of the signature path

no objection tb@

claudio [Wed, 15 Mar 2023 08:43:51 +0000 (08:43 +0000)]
For now pass AF_UNSPEC to printsource() to ensure that both inet and inet6
addrs are fetched from the kernel. This needs more cleanup.

claudio [Wed, 15 Mar 2023 08:42:14 +0000 (08:42 +0000)]
Make route sourceaddr always print the used addresses for inet and inet6.
Print 'default' if no sourceaddr is set and the default algorithm is used.
With and OK kn@ deraadt@

jsg [Wed, 15 Mar 2023 08:36:33 +0000 (08:36 +0000)]
drm/amdgpu/vcn: Disable indirect SRAM on Vangogh broken BIOSes

From Guilherme G. Piccoli in amd-staging-drm-next
https://gitlab.freedesktop.org/drm/amd/-/issues/2385

This fixes amdgpu failing to init on Steam Deck after the drm 6.1 update:

[drm] failed to load ucode VCN0_RAM(0x3A)
[drm] psp gfx command LOAD_IP_FW(0x6) failed and response status is (0xFFFF0000)
[drm] *ERROR* ring vcn_dec_0 test failed (-60)
[drm] *ERROR* hw_init of IP block <vcn_v3_0> failed -60
drm:pid0:amdgpu_device_init *ERROR* amdgpu_device_ip_init failed
drm:pid0:amdgpu_attachhook *ERROR* Fatal error during GPU init

reported and tested by bentley@ on:
bios0: vendor Valve version "F7A0113" date 11/04/2022
bios0: Valve Jupiter

jsg [Wed, 15 Mar 2023 08:24:56 +0000 (08:24 +0000)]
handle dmi_get_system_info(DMI_BIOS_VERSION)

jsg [Wed, 15 Mar 2023 08:20:52 +0000 (08:20 +0000)]
store bios version, needed for amdgpu Steam Deck quirk

nicm [Wed, 15 Mar 2023 08:15:39 +0000 (08:15 +0000)]
Fix command prompt not to always append argument but only if there has
actually been expansion. GitHub issue 3493.

tb [Wed, 15 Mar 2023 06:34:07 +0000 (06:34 +0000)]
Return the signature length after successful signing operation

This is required behavior of the EVP_DigestSign() API, but seemingly
almost nothing uses this. Well, turns out ldns does.

Reported by Stephane. Helpful comments by sthen.

ok jsing

tb [Wed, 15 Mar 2023 06:30:21 +0000 (06:30 +0000)]
Add comments that explain why things are done in this strange order.

There's some method to this madness.

ok jsing

tb [Wed, 15 Mar 2023 06:28:55 +0000 (06:28 +0000)]
Push calloc() of ndef_aux down as far as possible and
pull the setting of the ex_arg up, so we can do error
checking.

ok jsing

tb [Wed, 15 Mar 2023 06:22:42 +0000 (06:22 +0000)]
Error check BIO_asn1_set_{prefix,suffix}() calls

ok jsing

tb [Wed, 15 Mar 2023 06:14:02 +0000 (06:14 +0000)]
Streaming BIOs assume they can write to NULL BIOs

At least SMIME_text() relies on this. Pushing an error on the stack trips
PKCS7 regress in py-cryptography, so indicate nothing was written instead
of throwing an error.

Reported by Alex Gaynor a while back

ok jsing

jsing [Wed, 15 Mar 2023 04:30:20 +0000 (04:30 +0000)]
Ensure negative input to BN_mod_exp_mont_consttime() is correctly reduced.

A negative input to BN_mod_exp_mont_consttime() is not correctly reduced,
remaining negative (when it should be in the range [0, m)). Fix this by
unconditionally calling BN_nnmod() on the input.

Fixes ossfuzz #55997.

ok tb@

jsing [Wed, 15 Mar 2023 04:26:23 +0000 (04:26 +0000)]
Include tests with negative values in BN_mod_exp* regress.

This currently fails.

tb [Wed, 15 Mar 2023 00:41:04 +0000 (00:41 +0000)]
bn_mod_exp_zero: rename result into got

claudio [Tue, 14 Mar 2023 13:31:16 +0000 (13:31 +0000)]
Prep for rpki-client 8.3

kn [Tue, 14 Mar 2023 11:25:22 +0000 (11:25 +0000)]
WEP in bwfm(4) never worked, sync with reality

"ifconfig bwfm0 [-]nwkey ..." does not work and thus the installer no longer
offers WEP, so unmention support while leaving the recommendation against it.

dtucker [Tue, 14 Mar 2023 07:28:47 +0000 (07:28 +0000)]
Free KRL itself in addition to its contents. From Coverity CID 291841,
ok djm@

dtucker [Tue, 14 Mar 2023 07:26:25 +0000 (07:26 +0000)]
Check pointer for NULL before attempting to deref.  None of the existing
callers seem to do that, but it's worth checking.  From Coverity CID
291834, ok djm@

tb [Tue, 14 Mar 2023 07:09:11 +0000 (07:09 +0000)]
rpki-client: disallow AIA in self-signed certs

Per RFC 6487, 4.8.7, self-signed certificates must not have an Authority
Info Access extension. In normal operation this is ensured by ta_parse()
and cert_parse(), respectively. In filemode, only partial checks are
performed, so this is not guaranteed.

Issue flagged by and ok job

jmc [Tue, 14 Mar 2023 06:55:31 +0000 (06:55 +0000)]
sync the boot options list, and some macro fixes;
ok miod

deraadt [Tue, 14 Mar 2023 04:51:34 +0000 (04:51 +0000)]
sync

yasuoka [Tue, 14 Mar 2023 00:24:05 +0000 (00:24 +0000)]
To avoid misunderstanding, keep variables for tcp keepalive in
milliseconds, which is the same unit of tcp_now().  However, keep the
unit of sysctl variables in seconds and convert their unit in
tcp_sysctl().  Additionally revert TCPTV_SRTTDFLT back to 3 seconds,
which was mistakenly changed to 1.5 seconds by tcp_timer.h 1.19.

ok claudio

cheloha [Tue, 14 Mar 2023 00:11:58 +0000 (00:11 +0000)]
clockintr: add missing newline to ddb(4) printout

Let's also print the state (running, pending, or established) of each
clockintr.

job [Mon, 13 Mar 2023 21:01:06 +0000 (21:01 +0000)]
Don't lookup the signature path's expiry for trust anchor certs

job [Mon, 13 Mar 2023 20:55:14 +0000 (20:55 +0000)]
In filemode, also print details for .cer certificates

miod [Mon, 13 Mar 2023 20:32:28 +0000 (20:32 +0000)]
Point people to boot(8) rather than duplicating information.

miod [Mon, 13 Mar 2023 20:20:59 +0000 (20:20 +0000)]
Switch alpha to new boot blocks.

miod [Mon, 13 Mar 2023 20:20:13 +0000 (20:20 +0000)]
Add manual page.

miod [Mon, 13 Mar 2023 20:19:22 +0000 (20:19 +0000)]
"ask name" option letter is 'n' instead of 'a' on pmax and alpha for historical
(and firmware) reasons.

job [Mon, 13 Mar 2023 19:54:36 +0000 (19:54 +0000)]
Check that the CMS signing-time is not after the MFT's nextUpdate

Issuing manifests whose validity window is entirely in the past, as
observed from the purported CMS signing-time would be a form of backdating.

OK tb@

job [Mon, 13 Mar 2023 19:51:49 +0000 (19:51 +0000)]
In filemode, display the moment the signature path will expire

Previously this was only shown for ROA+ASPA. Now also show for
GBR, Geofeed, Certs, RSC, and TAK.

OK tb@

job [Mon, 13 Mar 2023 19:46:55 +0000 (19:46 +0000)]
Check that the CMS signing-time isn't after the X.509 notAfter

The CMS signing-time is the purported 'now' from the perspective of the
issuer. It doesn't make sense for an issuer to sign objects that have a
validity window that falls entirely in the past (from the perspective of
the signer). Although CMS signing-time is not a trusted timestamp, it
should never be after X.509 notAfter.

OK tb@

jmc [Mon, 13 Mar 2023 18:31:54 +0000 (18:31 +0000)]
typo fix; ok claudio

dv [Mon, 13 Mar 2023 18:09:41 +0000 (18:09 +0000)]
vmd(8): backout ns8250 changes.

This backs out commit h1IJwTVsYWfnRKWy which intended to fix interrupt
issues on slower host hardware. Unfortunately, this causes a race
condition on much faster host hardware. It still requires investigation.

With an "I told you so" about touching ns8250 from mlarkin@

job [Mon, 13 Mar 2023 18:02:58 +0000 (18:02 +0000)]
In filemode for ROAs/ASPAs display when the Signature path will expire

Also rename 'certification path' to 'signature path' for alignment

OK tb@

claudio [Mon, 13 Mar 2023 17:31:28 +0000 (17:31 +0000)]
Extend bgplgd to handle leaked and invalid options to show rib.
OK tb@

claudio [Mon, 13 Mar 2023 16:59:22 +0000 (16:59 +0000)]
Extend bgpctl show rib with two new options:
 - invalid: show only routes that are not valid
 - leaked: show only routes where a route leak was detected
OK tb@

claudio [Mon, 13 Mar 2023 16:52:41 +0000 (16:52 +0000)]
Add F_CTL_LEAKED and F_CTL_INELIGIBLE flags for bgpctl to show leaked
and ineligible paths.
While there rename F_PREF_OTC_LOOP to F_PREF_OTC_LEAK since this indicates
that a route leak was detected.
OK tb@

claudio [Mon, 13 Mar 2023 16:39:29 +0000 (16:39 +0000)]
Try to explain that the neighbor role is required to enable both
ASPA validation and RFC9234 OTC leak detection and role capability.
The role on iBGP peers is forced to 'none' since it makes no sense there.
After input from benno@

job [Mon, 13 Mar 2023 15:50:40 +0000 (15:50 +0000)]
Merge calling print_certification_path() into adjacent else branch

OK tb@

mbuhl [Mon, 13 Mar 2023 14:58:01 +0000 (14:58 +0000)]
Fix potential underflow when printing STP data.
Reported by Peter J. Philipp
ok claudio

job [Mon, 13 Mar 2023 13:42:01 +0000 (13:42 +0000)]
Refactor what's printed when in filemode

OK tb@

claudio [Mon, 13 Mar 2023 13:36:56 +0000 (13:36 +0000)]
Fix usbpcap handler to properly detect overflows using TCHECK macros.
OK mpi@ mbuhl@

aoyama [Mon, 13 Mar 2023 11:59:39 +0000 (11:59 +0000)]
Add "machine poweroff" command on luna88k bootloader.

ok miod@

tb [Mon, 13 Mar 2023 10:39:03 +0000 (10:39 +0000)]
Revert accidental change from explicit to implicit tagging in r1.86.

ok job

job [Mon, 13 Mar 2023 09:24:37 +0000 (09:24 +0000)]
Rename some data fields to closer match their provenance

OK tb@

tb [Mon, 13 Mar 2023 07:31:09 +0000 (07:31 +0000)]
Stop confusing out and asn_bio in BIO_new_NDEF()

BIO_new_NDEF() sets up an ASN.1 BIO to the output chain and then adds even
more BIOs. Since BIO_push(bio, new_tail) returns bio on success, after the
if ((out = BIO_push(asn_bio, out)) != NULL) the 'out' BIO and the 'asn_bio'
are the same. The code then goes on and uses one or the other. This is very
confusing. Simply stop using out once it's appended to asn_bio.

ok jsing

kettenis [Mon, 13 Mar 2023 07:30:44 +0000 (07:30 +0000)]
regen

kettenis [Mon, 13 Mar 2023 07:30:11 +0000 (07:30 +0000)]
Add Kingston NV2 NVMe drive.

deraadt [Mon, 13 Mar 2023 04:15:44 +0000 (04:15 +0000)]
sync

cheloha [Sun, 12 Mar 2023 22:18:58 +0000 (22:18 +0000)]
sh, landisk: set HZ=64 again

The addition of HZ to sys/kernel.h in v1.26 overrides the default
definition of HZ in sh/clock.c, changing landisk from HZ=64 to HZ=100.

Explicitly set HZ=64 in the GENERIC and RAMDISK config(8) files to
change it from 100 back to 64.

Not sure if this is the best thing, but it does fix the problem.

Problem confirmed by, and fix tested by, miod@.

ok miod@

jmc [Sun, 12 Mar 2023 20:14:41 +0000 (20:14 +0000)]
correct macro request (.nm -> .Nm);

kettenis [Sun, 12 Mar 2023 19:02:34 +0000 (19:02 +0000)]
rkcomphy(4)

tb [Sun, 12 Mar 2023 17:29:02 +0000 (17:29 +0000)]
pk7_cb() and cms_cb()

Add and fix FALLTHROUGH statement. I was confused for way too long since
I hadn't noticed that this case fell through to the next. Also add and
move some empty lines in the cms_cb() to make this resemble KNF more.

kettenis [Sun, 12 Mar 2023 14:29:50 +0000 (14:29 +0000)]
Add rkcomphy(3), a driver for the "naneng" combo PHY found on the RK356x
(and RK3588).  This is a PIPE PHY with support for PCIe, SATA, USB3, SGMII
and QSGMII.  For now only PCIe, SATA and USB3 support are implemented.
SATA support has not been tested.

Also add the reference clocks needed by the PHYs to rkclock(4).

ok mlarkin@

tb [Sun, 12 Mar 2023 13:31:39 +0000 (13:31 +0000)]
zap a tab

job [Sun, 12 Mar 2023 12:11:45 +0000 (12:11 +0000)]
Alphabetically sort various bits and pieces - mechanical change

Might make later refactors easier to follow

OK tb@

job [Sun, 12 Mar 2023 11:55:34 +0000 (11:55 +0000)]
Add crl.c in various places to gain access to the new helper

job [Sun, 12 Mar 2023 11:54:56 +0000 (11:54 +0000)]
Refactor expiration calculation

Unify common code paths which find the exact expiry moment into a new
helper function. Additionally, the new helper offers more accuracy by
checking more applicable CRLs whether their 'nextupdate' is 'sooner'.

tb@ noted: The helper adds a multiplier of log(#crls), but that's
certainly acceptable as it is still very cheap.

OK tb@

tb [Sun, 12 Mar 2023 11:49:02 +0000 (11:49 +0000)]
Avoid a 1 byte out-of-bounds read in ASN1_PRINTABLE_type()

In case the input is not NUL terminated, the reversed check for length
and terminating NUL results in a one-byte overread. The documentation
says that the input should be a string, but in ASN.1 land you never
know...

Reported by Guido Vranken a while back

ok beck

tb [Sun, 12 Mar 2023 11:46:35 +0000 (11:46 +0000)]
Initialize the local signtime variable in the individual *_parse()
functions

ok job

tb [Sun, 12 Mar 2023 11:45:52 +0000 (11:45 +0000)]
Invalidate the signtime output parameter in cms_parse_validate_internal()
and in cms_get_signtime().

ok job

jmatthew [Sun, 12 Mar 2023 10:50:06 +0000 (10:50 +0000)]
Enable mvtemp(4)

jmatthew [Sun, 12 Mar 2023 10:49:05 +0000 (10:49 +0000)]
Update supported hardware list and fix spelling of Marvell while I'm here

jmatthew [Sun, 12 Mar 2023 10:46:27 +0000 (10:46 +0000)]
Match on the Armada 380 temperature sensor, which works the same as the
CP110 sensor.

ok kettenis@

dtucker [Sun, 12 Mar 2023 10:40:39 +0000 (10:40 +0000)]
Put upper bound on number of entries in SSH2_MSG_EXT_INFO request.
This is already constrained by the maximum SSH packet size but this
makes it explicit.  Prompted by Coverity CID 291868, ok djm@ markus@

dtucker [Sun, 12 Mar 2023 09:41:18 +0000 (09:41 +0000)]
calloc can return NULL but xcalloc cannot.  From Coverity CID 291881,
ok djm@