openbsd
8 weeks agoMerge fcrypt_b.c into fcrypt.c.
jsing [Sat, 31 Aug 2024 15:39:33 +0000 (15:39 +0000)]
Merge fcrypt_b.c into fcrypt.c.

There is no need for these to be separate (presumably done due to assembly
implementations, even though there are #ifdef as well).

Discussed with tb@

8 weeks agoRemove now unused ncbc_enc.c.
jsing [Sat, 31 Aug 2024 14:31:20 +0000 (14:31 +0000)]
Remove now unused ncbc_enc.c.

8 weeks agoExpand DES_ncbc_encrypt() in des_enc.c.
jsing [Sat, 31 Aug 2024 14:29:15 +0000 (14:29 +0000)]
Expand DES_ncbc_encrypt() in des_enc.c.

Copy ncbc_enc.c where it was previously #included, then clean up with
`unifdef -m -UCBC_ENC_C__DONT_UPDATE_IV`.

Discussed with tb@

8 weeks agoExpand DES_cbc_encrypt() in cbc_enc.c.
jsing [Sat, 31 Aug 2024 14:25:04 +0000 (14:25 +0000)]
Expand DES_cbc_encrypt() in cbc_enc.c.

Copy ncbc_enc.c where it was previously #included, then clean up with
`unifdef -m -DCBC_ENC_C__DONT_UPDATE_IV`.

Discussed with tb@

8 weeks agoupdate the header; ok and error corrected by jsg
jmc [Sat, 31 Aug 2024 13:41:13 +0000 (13:41 +0000)]
update the header; ok and error corrected by jsg

8 weeks agogrammar tweaks; counter tweaked by dlg
jmc [Sat, 31 Aug 2024 13:39:36 +0000 (13:39 +0000)]
grammar tweaks; counter tweaked by dlg

8 weeks agoUpdate for OPENSSL_cpu_caps() now being machine independent.
jsing [Sat, 31 Aug 2024 12:47:24 +0000 (12:47 +0000)]
Update for OPENSSL_cpu_caps() now being machine independent.

8 weeks agoUpdate for OPENSSL_cpu_caps() now being machine independent.
jsing [Sat, 31 Aug 2024 12:46:55 +0000 (12:46 +0000)]
Update for OPENSSL_cpu_caps() now being machine independent.

ok tb@

8 weeks agoMake OPENSSL_cpu_caps() machine independent.
jsing [Sat, 31 Aug 2024 12:43:58 +0000 (12:43 +0000)]
Make OPENSSL_cpu_caps() machine independent.

OPENSSL_cpu_caps() is currently machine dependent and exposes CPUID data
on amd64 and i386. However, what it is really used for is to indicate
whether specific algorithms are accelerated on the given hardware. Change
OPENSSL_cpu_caps() so that it returns a machine indepent value, which
decouples it from amd64/i386 and will allow it to be used appropriately
on other platforms in the future.

ok tb@

2 months agoUndo workaround for EVP_PKEY_*check() removal
tb [Sat, 31 Aug 2024 11:14:58 +0000 (11:14 +0000)]
Undo workaround for EVP_PKEY_*check() removal

2 months agosync libressl bump
tb [Sat, 31 Aug 2024 10:55:42 +0000 (10:55 +0000)]
sync libressl bump

2 months agomajor bump for libcrypto libssl and libtls
tb [Sat, 31 Aug 2024 10:54:12 +0000 (10:54 +0000)]
major bump for libcrypto libssl and libtls

2 months agoBump LIBRESSL_VERSION_NUMBER
tb [Sat, 31 Aug 2024 10:52:43 +0000 (10:52 +0000)]
Bump LIBRESSL_VERSION_NUMBER

2 months agoRemove SSL_add_compression_method
tb [Sat, 31 Aug 2024 10:51:48 +0000 (10:51 +0000)]
Remove SSL_add_compression_method

2 months agoExpose X509_get_signature_info
tb [Sat, 31 Aug 2024 10:49:35 +0000 (10:49 +0000)]
Expose X509_get_signature_info

To compensate for all the removals, a single, small, constructive piece
of this bump: expose X509_get_signature_info() so that libssl's security
level API can handle RSA-PSS certificates correctly.

ok beck jsing

2 months agoMake X509at_* API internal
tb [Sat, 31 Aug 2024 10:46:40 +0000 (10:46 +0000)]
Make X509at_* API internal

The only consumer, yara, has been adjusted. It will be some more work
to remove this idiocy internally, but at least we will no longer have
to care about external consumers.

ok beck jsing

2 months agosync
tb [Sat, 31 Aug 2024 10:45:37 +0000 (10:45 +0000)]
sync

2 months agoUnexport OPENSSL_cpuid_setup and OPENSSL_ia32cap_P
tb [Sat, 31 Aug 2024 10:44:39 +0000 (10:44 +0000)]
Unexport OPENSSL_cpuid_setup and OPENSSL_ia32cap_P

This allows us in particular to get rid of the MD Symbols.list which
were needed on amd64 and i386 for llvm 16 a while back. OPENSSL_ia32cap_P
was never properly exported since the symbols were marked .hidden in the
asm.

ok beck jsing

2 months agoZap HMAC_Init
tb [Sat, 31 Aug 2024 10:42:21 +0000 (10:42 +0000)]
Zap HMAC_Init

Long deprecated, last users have been fixed.

ok beck jsing

2 months agoNuke the whrlpool (named after the galaxy) from orbit
tb [Sat, 31 Aug 2024 10:38:49 +0000 (10:38 +0000)]
Nuke the whrlpool (named after the galaxy) from orbit

It's just gross. Only used by a popular disk encryption utility on an
all-too-popular OS one or two decades back.

ok beck jsing

2 months agoRemove DES_enc_{read,write} and DES_rw_mode
tb [Sat, 31 Aug 2024 10:30:16 +0000 (10:30 +0000)]
Remove DES_enc_{read,write} and DES_rw_mode

Unfortunately we'll probably never be able to get rid of DES entirely.
One part of it that is old enough to be a grandparent can go, though.

ok beck jsing

2 months agoGarbage collec UI_UTIL remnants
tb [Sat, 31 Aug 2024 10:28:03 +0000 (10:28 +0000)]
Garbage collec UI_UTIL remnants

ok beck jsing

2 months agoRemove EVP_PKEY.*attr* API
tb [Sat, 31 Aug 2024 10:25:38 +0000 (10:25 +0000)]
Remove EVP_PKEY.*attr* API

I ranted enough about this recently. PKCS#12. Microsoft. 'nuff said.

ok beck jsing

2 months agoMove BIT_STRING_BITNAME tables to const
tb [Sat, 31 Aug 2024 10:23:13 +0000 (10:23 +0000)]
Move BIT_STRING_BITNAME tables to const

Another bunch of const correctness fixes for global tables. These are
used to map ns cert types, key usage types and CRL reasons to strings
and vice versa. By the looks of it, nobody ever figured out how to use
this (need I mention that it's convoluted?).

ok beck jsing

2 months agoconst correct X509_LOOKUP_METHOD
tb [Sat, 31 Aug 2024 10:19:17 +0000 (10:19 +0000)]
const correct X509_LOOKUP_METHOD

With this another family of global tables becomes const as it should
always have been.

ok beck jsing

2 months agoRemove X509_REQ_{set,get}_extension_nids()
tb [Sat, 31 Aug 2024 10:16:52 +0000 (10:16 +0000)]
Remove X509_REQ_{set,get}_extension_nids()

LibreSSL no longer supports non-standard OIDs for use in the extensions
attribute of CSRs. The API that enabled that (and nobody used of course)
can now go.

ok beck jsing

2 months agoMake X509_VAL opaque
tb [Sat, 31 Aug 2024 10:14:17 +0000 (10:14 +0000)]
Make X509_VAL opaque

Nothing needs to reach into this structure, which is part of
certificates. So hide its innards.

ok beck jsing

2 months agoRemove X509_check_trust() and some related defines
tb [Sat, 31 Aug 2024 10:12:23 +0000 (10:12 +0000)]
Remove X509_check_trust() and some related defines

Someone thought it would be a good idea to append non-standard trust
information to the certs in the trust store. This API is used to
inspect that depending on the intended purpose of the cert. Only
M2Crypto thought it necessary to expose this. It was adjusted.

ok beck jsing

2 months agoRemove ERR_add_{,v}data()
tb [Sat, 31 Aug 2024 10:09:15 +0000 (10:09 +0000)]
Remove ERR_add_{,v}data()

Another unused bit of legacy API...

ok beck jsing

2 months agoThe X509V3_CONF_METHOD goes away
tb [Sat, 31 Aug 2024 10:06:39 +0000 (10:06 +0000)]
The X509V3_CONF_METHOD goes away

No longer used, never really needed.

ok beck jsing

2 months agoRemove X509V3_get_string/X509V3_string_free
tb [Sat, 31 Aug 2024 10:04:50 +0000 (10:04 +0000)]
Remove X509V3_get_string/X509V3_string_free

These have always been unused, but the db_meth abstraction hid that
very well. Bye.

ok beck jsing

2 months agoMake some more x509 conf stuff internal
tb [Sat, 31 Aug 2024 10:03:03 +0000 (10:03 +0000)]
Make some more x509 conf stuff internal

This internalizes a particularly scary layer of conf used for X.509
extensions. Again unused public API...

ok beck jsing

2 months agoRetire X509V3_set_conf_lhash()
tb [Sat, 31 Aug 2024 09:59:12 +0000 (09:59 +0000)]
Retire X509V3_set_conf_lhash()

Thankfully sthen removed the out-of-support PHP versions 7.4 and 8.0,
which were the last users of this API, which in turn permitted much of
this conf rampage. Now the stub can join its guts in the attic.

ok beck jsing

2 months agoRetire X509V3_EXT_{,CRL_,REQ_}add_conf()
tb [Sat, 31 Aug 2024 09:56:50 +0000 (09:56 +0000)]
Retire X509V3_EXT_{,CRL_,REQ_}add_conf()

Fortunately all projects who want to configure their extensions using
a dangerous string DSL/API figured out the fact that one was supposed to
be using the nconf version of these (the hint is the 'n', as in new).

ok beck jsing

2 months agoRemove OPENSSL_load_builtin_modules
tb [Sat, 31 Aug 2024 09:54:31 +0000 (09:54 +0000)]
Remove OPENSSL_load_builtin_modules

This became obsolete with the automatic library initialization. Now it
is time for it to become an internal API.

ok beck jsing

2 months agoUnexport CONF_set_nconf()
tb [Sat, 31 Aug 2024 09:53:02 +0000 (09:53 +0000)]
Unexport CONF_set_nconf()

This translation device from old to new conf guts will need to stay
for a while. However, it's only needed internally.

ok beck jsing

2 months agoRemove more CONF_* functions that are no longer needed
tb [Sat, 31 Aug 2024 09:50:52 +0000 (09:50 +0000)]
Remove more CONF_* functions that are no longer needed

This is the next layer of unused cruft that can now go. The code lovingly
called it 'the "CONF classic" functions'. No tear was shed. Don't worry,
we still have the "New CONF" functions!

ok beck jsing

2 months agoInline last use of CONF_free()
tb [Sat, 31 Aug 2024 09:46:17 +0000 (09:46 +0000)]
Inline last use of CONF_free()

This permits another single-use-no-longer-public API to join the party
in the bit bucket.

ok beck jsing

2 months agoUnexport NCONF_default
tb [Sat, 31 Aug 2024 09:44:00 +0000 (09:44 +0000)]
Unexport NCONF_default

The only project I'm aware of that ever used this was rust-openssl
and they did so for no good reason. So remove this API, the crate's
code is already adjusted accordingly.

ok beck jsing

2 months agoInline NCONF_free_data in its only user
tb [Sat, 31 Aug 2024 09:41:53 +0000 (09:41 +0000)]
Inline NCONF_free_data in its only user

ok beck jsing

2 months agoconst correct uses of CONF_METHOD
tb [Sat, 31 Aug 2024 09:39:31 +0000 (09:39 +0000)]
const correct uses of CONF_METHOD

While not all of this is strictly needed, it was simply incorrect. This
way another global which was modifiable for no good reason becomes const.

ok beck jsing

2 months agoStop using conf->meth_data and make CONF_type_default const
tb [Sat, 31 Aug 2024 09:36:38 +0000 (09:36 +0000)]
Stop using conf->meth_data and make CONF_type_default const

Now that we no longer need to hang a poor man's ctype substitute off
the conf structure, we can get rid of the otherwise unused meth_data
member. This allows us to const correct CONF_type_default. Hopefully
we can remove it soon.

ok beck jsing

2 months agoRemove NCONF_WIN32
tb [Sat, 31 Aug 2024 09:34:05 +0000 (09:34 +0000)]
Remove NCONF_WIN32

Undocumented and entirely unused. Gets rid of a big, modifiable, global
table.

ok beck jsing

2 months agosync
tb [Sat, 31 Aug 2024 09:29:32 +0000 (09:29 +0000)]
sync

2 months agoRetire conf_api.h and the API therein
tb [Sat, 31 Aug 2024 09:29:03 +0000 (09:29 +0000)]
Retire conf_api.h and the API therein

This makes the _CONF_* layer of the conf module internal and gets rid
of the entirely unused conf_api.h.

ok beck jsing

2 months agoUnexport some conf layers unused outside of libcrypto
tb [Sat, 31 Aug 2024 09:26:18 +0000 (09:26 +0000)]
Unexport some conf layers unused outside of libcrypto

imodules are called imodules because they contain Information about
modules that have been Initialized. Which one of these two I it is
is anyone's best guess. Why anything outside of libcrypto would ever
possibly care will also remain a mystery.

Remove the old way of adding a conf module, user data, stop allowing
to set a method (it's opaque now, remember?) and drop a couple bits
more from the public api interface.

ok beck jsing

2 months agoMake CONF_METHOD opaque
tb [Sat, 31 Aug 2024 09:21:44 +0000 (09:21 +0000)]
Make CONF_METHOD opaque

Much of conf is designed in such a way that you really have to reach into
its structs. This one piece can be hidden. It might even be removed soon.

ok beck jsing

2 months agoRemove unused {,N}CONF_dump_{bio,fp}()
tb [Sat, 31 Aug 2024 09:18:00 +0000 (09:18 +0000)]
Remove unused {,N}CONF_dump_{bio,fp}()

It's time to start removing some horrors from the conf/ garbage. If the
current top layer wasn't terrible enough, you could always slap another
one on top of it and it would then be truly marvellous.

ok beck jsing

2 months agoRemove EVP_PKEY_*check again
tb [Sat, 31 Aug 2024 09:14:21 +0000 (09:14 +0000)]
Remove EVP_PKEY_*check again

This API turned out to be a really bad idea. OpenSSL 3 extended it, with
the result that basically every key type had its own DoS issues fixed in
a recent security release. We eschewed these by having some upper bounds
that kick in when keys get insanely large.

Initially added on tobhe's request who fortunately never used it in iked,
this was picked up only by ruby/openssl (one of the rare projects doing
proper configure checks rather than branching on VERSION defines) and of
course xca, since it uses everything it can. So it was easy to get rid of
this again.

ok beck jsing

2 months agosync
tb [Sat, 31 Aug 2024 09:07:25 +0000 (09:07 +0000)]
sync

2 months agoRetire the whirlpool test
tb [Sat, 31 Aug 2024 08:24:02 +0000 (08:24 +0000)]
Retire the whirlpool test

2 months agounhook whirlpool from the tree
tb [Sat, 31 Aug 2024 08:23:32 +0000 (08:23 +0000)]
unhook whirlpool from the tree

2 months agorport(4) for p2p l3 connectivity between route domains.
dlg [Sat, 31 Aug 2024 04:21:45 +0000 (04:21 +0000)]
rport(4) for p2p l3 connectivity between route domains.

2 months agoadd rport(4) for p2p l3 connectivity between route domains.
dlg [Sat, 31 Aug 2024 04:17:14 +0000 (04:17 +0000)]
add rport(4) for p2p l3 connectivity between route domains.

you can basically plug rdomains together and route between them
over rport interfaces. people keep asking me if this is so you can
leak routes between rdomains, and the answer is yes.

this is like pair(4) but cheaper because it avoids all the mucking
around with putting an ethernet header on the mbuf just to take it
off again later, and is more efficient with address space because
it's a p2p ip interface.

it has a small tweak from mvs@
ok denis@ claudio@

2 months agoprovide an example config for ikev1 with isakmpd and ipsecctl
dlg [Sat, 31 Aug 2024 00:51:29 +0000 (00:51 +0000)]
provide an example config for ikev1 with isakmpd and ipsecctl

2 months agominor grammar fixes;
jmc [Fri, 30 Aug 2024 20:08:05 +0000 (20:08 +0000)]
minor grammar fixes;

2 months agoSpelling
mglocker [Fri, 30 Aug 2024 18:22:41 +0000 (18:22 +0000)]
Spelling

2 months agoGarbage collect the DH_check*_ex() API
tb [Fri, 30 Aug 2024 17:44:56 +0000 (17:44 +0000)]
Garbage collect the DH_check*_ex() API

This was only needed by the EVP_PKEY_*check() API, which was defanged. So
this silly garbage can now go: it translated flags to errors on the error
stack so that openssl *check could print ugly errors while DoS-ing the
user.

ok beck

2 months agoAdd and use local copy of X509V3_add_value()
tb [Fri, 30 Aug 2024 17:26:44 +0000 (17:26 +0000)]
Add and use local copy of X509V3_add_value()

The public API will be removed. This fixes its only consumer.

2 months agoa few people have bugged me for an example. hopefully this is enough.
dlg [Fri, 30 Aug 2024 13:09:10 +0000 (13:09 +0000)]
a few people have bugged me for an example. hopefully this is enough.

2 months agotweak the example to use veb instead of bridge.
dlg [Fri, 30 Aug 2024 09:39:07 +0000 (09:39 +0000)]
tweak the example to use veb instead of bridge.

2 months agotry and keep in line with language used in other manual pages.
dlg [Fri, 30 Aug 2024 08:37:59 +0000 (08:37 +0000)]
try and keep in line with language used in other manual pages.

while i'm here, try and unbundle some of the configuration and
concepts. etherip interfaces can work fine as point to point ethernet
tunnels, they do not need to be configured as part of bridge(4) to
work. ipsec can be configured to protect etherip traffic independently
of whether it's part of a bridge too.

2 months agoprefer "IPv4 and IPv6" over "IP[46]".
dlg [Fri, 30 Aug 2024 07:25:55 +0000 (07:25 +0000)]
prefer "IPv4 and IPv6" over "IP[46]".

2 months agouse strtonum() to parse numeric option values instead of atoi()
op [Fri, 30 Aug 2024 07:11:02 +0000 (07:11 +0000)]
use strtonum() to parse numeric option values instead of atoi()

looks reasonable to deraadt
ok/improvements bluhm@

2 months agoRemove cross references to whirlpool
tb [Fri, 30 Aug 2024 07:03:19 +0000 (07:03 +0000)]
Remove cross references to whirlpool

2 months agozap line missed in previous removal; ok tb
jmc [Fri, 30 Aug 2024 06:05:10 +0000 (06:05 +0000)]
zap line missed in previous removal; ok tb

2 months agoAdjust freenull test for upcoming conf_api.h removal
tb [Fri, 30 Aug 2024 05:00:38 +0000 (05:00 +0000)]
Adjust freenull test for upcoming conf_api.h removal

2 months agodrm/amdgpu/vcn: not pause dpg for unified queue
jsg [Fri, 30 Aug 2024 04:25:22 +0000 (04:25 +0000)]
drm/amdgpu/vcn: not pause dpg for unified queue

From Boyuan Zhang
c6372cbd919b57d3b426938b7262ee1fb5be34e2 in linux-6.6.y/6.6.48
7d75ef3736a025db441be652c8cc8e84044a215f in mainline linux

2 months agodrm/amdgpu/vcn: identify unified queue in sw init
jsg [Fri, 30 Aug 2024 04:22:59 +0000 (04:22 +0000)]
drm/amdgpu/vcn: identify unified queue in sw init

From Boyuan Zhang
44bb8f18a63b8f2c8e089558c00e8e45bc4b0346 in linux-6.6.y/6.6.48
ecfa23c8df7ef3ea2a429dfe039341bf792e95b4 in mainline linux

2 months agodrm/amdgpu: Validate TA binary size
jsg [Fri, 30 Aug 2024 04:20:12 +0000 (04:20 +0000)]
drm/amdgpu: Validate TA binary size

From Candice Li
50553ea7cbd3344fbf40afb065f6a2d38171c1ad in linux-6.6.y/6.6.48
c99769bceab4ecb6a067b9af11f9db281eea3e2a in mainline linux

2 months agodrm/amdkfd: reserve the BO before validating it
jsg [Fri, 30 Aug 2024 04:18:07 +0000 (04:18 +0000)]
drm/amdkfd: reserve the BO before validating it

From Lang Yu
9b707444bebce5326b8eae5401a2dce55626f8f2 in linux-6.6.y/6.6.48
0c93bd49576677ae1a18817d5ec000ef031d5187 in mainline linux

2 months agodrm/amd/amdgpu: command submission parser for JPEG
jsg [Fri, 30 Aug 2024 04:14:46 +0000 (04:14 +0000)]
drm/amd/amdgpu: command submission parser for JPEG

From David (Ming Qiang) Wu
114858d713825415de1099bc842cc4c615d89547 in linux-6.6.y/6.6.48
470516c2925493594a690bc4d05b1f4471d9f996 in mainline linux

2 months agodrm/amd/display: fix cursor offset on rotation 180
jsg [Fri, 30 Aug 2024 04:10:43 +0000 (04:10 +0000)]
drm/amd/display: fix cursor offset on rotation 180

From Melissa Wen
a50a25dc0ce05cb3bdb1154fc7d64117a43de9f5 in linux-6.6.y/6.6.48
737222cebecbdbcdde2b69475c52bcb9ecfeb830 in mainline linux

2 months agodrm/amd/display: Enable otg synchronization logic for DCN321
jsg [Fri, 30 Aug 2024 04:07:57 +0000 (04:07 +0000)]
drm/amd/display: Enable otg synchronization logic for DCN321

From Loan Chen
6490f063d54b1a19bd97ac22e88ff8b8073cc271 in linux-6.6.y/6.6.48
0dbb81d44108a2a1004e5b485ef3fca5bc078424 in mainline linux

2 months agodrm/amd/display: Adjust cursor position
jsg [Fri, 30 Aug 2024 04:05:36 +0000 (04:05 +0000)]
drm/amd/display: Adjust cursor position

From Rodrigo Siqueira
d15fc910b618cc8c574e66adb29be7da9cb9c6e3 in linux-6.6.y/6.6.48
56fb276d0244d430496f249335a44ae114dd5f54 in mainline linux

2 months agodrm/amdgpu: fix dereference null return value for the function amdgpu_vm_pt_parent
jsg [Fri, 30 Aug 2024 04:03:30 +0000 (04:03 +0000)]
drm/amdgpu: fix dereference null return value for the function amdgpu_vm_pt_parent

From Jesse Zhang
3cc03d1dbdcf88d3c05578c286a2e8a07befac93 in linux-6.6.y/6.6.48
511a623fb46a6cf578c61d4f2755783c48807c77 in mainline linux

2 months agodrm/amdkfd: Move dma unmapping after TLB flush
jsg [Fri, 30 Aug 2024 04:00:30 +0000 (04:00 +0000)]
drm/amdkfd: Move dma unmapping after TLB flush

From Philip Yang
14fafdfdadf987e260adb3f807f5f1b5b21f0170 in linux-6.6.y/6.6.48
101b8104307eac734f2dfa4d3511430b0b631c73 in mainline linux

2 months agodrm/amdgpu: access RLC_SPM_MC_CNTL through MMIO in SRIOV runtime
jsg [Fri, 30 Aug 2024 03:56:55 +0000 (03:56 +0000)]
drm/amdgpu: access RLC_SPM_MC_CNTL through MMIO in SRIOV runtime

From ZhenGuo Yin
ec71cc24b0d4cd0091fbb427bef1a6d3655793ca in linux-6.6.y/6.6.48
9f05cfc78c6880e06940ea78fbc43f6392710f17 in mainline linux

2 months agodrm/amd/amdgpu/imu_v11_0: Increase buffer size to ensure all possible values can...
jsg [Fri, 30 Aug 2024 03:52:18 +0000 (03:52 +0000)]
drm/amd/amdgpu/imu_v11_0: Increase buffer size to ensure all possible values can be stored

From Lee Jones
695f692bcd72b5bd188a9ae903d2a3ec99df467c in linux-6.6.y/6.6.48
a728342ae4ec2a7fdab0038b11427579424f133e in mainline linux

2 months agodrm/amd/pm: fix error flow in sensor fetching
jsg [Fri, 30 Aug 2024 03:49:12 +0000 (03:49 +0000)]
drm/amd/pm: fix error flow in sensor fetching

From Alex Deucher
51e4630ef0d19ad7638762f06e1351c5dcc0c420 in linux-6.6.y/6.6.48
a5600853167aeba5cade81f184a382a0d1b14641 in mainline linux

2 months agodrm/amdgpu/jpeg4: properly set atomics vmid field
jsg [Fri, 30 Aug 2024 03:46:49 +0000 (03:46 +0000)]
drm/amdgpu/jpeg4: properly set atomics vmid field

From Alex Deucher
09717678737b942159daebe6094134568dd28d1c in linux-6.6.y/6.6.48
e6c6bd6253e792cee6c5c065e106e87b9f0d9ae9 in mainline linux

2 months agoRevert commitid KcCtsA53F9UQzc0t:
guenther [Fri, 30 Aug 2024 03:44:48 +0000 (03:44 +0000)]
Revert commitid KcCtsA53F9UQzc0t:
"Make exit(), fclose(), fflush(), and freopen() comply with POSIX-2008
 requirements for setting the underlying file position when flushing
 read-mode streams, and make an fseek()-after-fflush() not change the
 underlying file position."

Something isn't correct about it and it breaks at least initdb from
the postgresql-server package.

discussed with tb@, semarie@, and deraadt@

2 months agodrm/amdgpu/jpeg2: properly set atomics vmid field
jsg [Fri, 30 Aug 2024 03:42:46 +0000 (03:42 +0000)]
drm/amdgpu/jpeg2: properly set atomics vmid field

From Alex Deucher
0e93fa4027cf2324b34b2158d58175c4cd4a2e01 in linux-6.6.y/6.6.48
e414a304f2c5368a84f03ad34d29b89f965a33c9 in mainline linux

2 months agodrm/amdgpu: Actually check flags for all context ops.
jsg [Fri, 30 Aug 2024 03:39:16 +0000 (03:39 +0000)]
drm/amdgpu: Actually check flags for all context ops.

From Bas Nieuwenhuizen
2685a2b9e55db1d0f34dcab863c7cc0842e7df15 in linux-6.6.y/6.6.48
0573a1e2ea7e35bff08944a40f1adf2bb35cea61 in mainline linux

2 months agofix handling of Return-Path
op [Thu, 29 Aug 2024 21:04:16 +0000 (21:04 +0000)]
fix handling of Return-Path

It doesn't handle angular brackets in Return-Path, which are fine
per RFC 5332 (section 3.6.7).

Diff from Sven M. Hallberg with a tiny change by me.

2 months agosync
tb [Thu, 29 Aug 2024 20:26:08 +0000 (20:26 +0000)]
sync

2 months agoRemove documentation of EVP_whirlpool
tb [Thu, 29 Aug 2024 20:25:13 +0000 (20:25 +0000)]
Remove documentation of EVP_whirlpool

2 months agoRemove documentation of ERR_add_error_{,v}data()
tb [Thu, 29 Aug 2024 20:23:21 +0000 (20:23 +0000)]
Remove documentation of ERR_add_error_{,v}data()

2 months agoHMAC_Init() is dead. Long live HMAC_Init_ex()
tb [Thu, 29 Aug 2024 20:21:53 +0000 (20:21 +0000)]
HMAC_Init() is dead. Long live HMAC_Init_ex()

2 months agoRemove documentation of (caveat on) X509_TRUST_DEFAULT
tb [Thu, 29 Aug 2024 20:21:10 +0000 (20:21 +0000)]
Remove documentation of (caveat on) X509_TRUST_DEFAULT

Sadly, it's going to go away before ever having become the default.

2 months agoHide all EPT-related bits behind #ifdef in amd64 pmap.
dv [Thu, 29 Aug 2024 20:13:42 +0000 (20:13 +0000)]
Hide all EPT-related bits behind #ifdef in amd64 pmap.

A few functions and symbols were included in non-VMM builds. This
tucks more of them behind the "#ifdef NVMM > 0" check and cleans
up RAMDISK kernels.

ok mpi@, feedback from chris@

2 months agoDisable hmac and pkey_ec tests until after the bump
tb [Thu, 29 Aug 2024 17:16:40 +0000 (17:16 +0000)]
Disable hmac and pkey_ec tests until after the bump

2 months agoAdjust documentation for check/pubcheck removal
tb [Thu, 29 Aug 2024 17:01:40 +0000 (17:01 +0000)]
Adjust documentation for check/pubcheck removal

ok beck

2 months agoRemove check and pubcheck from openssl pkey and pkeyparam
tb [Thu, 29 Aug 2024 17:01:02 +0000 (17:01 +0000)]
Remove check and pubcheck from openssl pkey and pkeyparam

The underlying API will be removed, so these commands have to go.

ok beck

2 months agoRemove the pkey_{,public_,param_}check() handlers
tb [Thu, 29 Aug 2024 16:58:19 +0000 (16:58 +0000)]
Remove the pkey_{,public_,param_}check() handlers

This disables the EVP_PKEY_*check() API and makes it fail (more precisely
indicate lack of support) on all key types.

This is an intermediate step to full removal.
Removal is ok beck jsing

2 months agoRemove evp_pkey_check test
tb [Thu, 29 Aug 2024 16:43:52 +0000 (16:43 +0000)]
Remove evp_pkey_check test

The API it tests will be removed shortly

2 months agoIn m_pulldown() replace memmove() with memcpy().
bluhm [Thu, 29 Aug 2024 16:42:30 +0000 (16:42 +0000)]
In m_pulldown() replace memmove() with memcpy().

The memmove() in m_pulldown() copied memory between different mbufs.
So data cannot overlap and memcpy() is enough.

OK claudio@ deraadt@

2 months agoConvert prototypes to new style.
claudio [Thu, 29 Aug 2024 15:18:17 +0000 (15:18 +0000)]
Convert prototypes to new style.
OK millert@

2 months agoUse signal handler safe dprintf() instead of asprintf + write
claudio [Thu, 29 Aug 2024 15:16:43 +0000 (15:16 +0000)]
Use signal handler safe dprintf() instead of asprintf + write
OK millert@

2 months agoUnify proc_parser_* as far as possible and reasonable
tb [Thu, 29 Aug 2024 13:46:28 +0000 (13:46 +0000)]
Unify proc_parser_* as far as possible and reasonable

ok claudio job