openbsd
5 months ago Improve duplicate detection and repo_move_valid
claudio [Fri, 12 Jul 2024 09:27:32 +0000 (09:27 +0000)]
Improve duplicate detection and repo_move_valid

Only trigger a duplicate error if a valid filepath is revisited. It is
possible that a bad CA references somebody else's files and if that
happens first it would block the valid access.

To make this work, pass the ok flag to filepath_add() and only set the
talmask bit if the file was ok. Since we need to do the duplicate check
before processing the entity introduce filepath_valid() which checks
if the path is in the tree and has its talmask bit set.

In repo_move_valid() handle conflicts more gracefully. When both a valid
and temporary file are present assume that one of the files was never ok
(talmask == 0) and silently remove that file from the filepath tree.

OK tb@

5 months ago Clean up X509_EXTENSION_create_by_NID()
tb [Fri, 12 Jul 2024 09:25:43 +0000 (09:25 +0000)]
Clean up X509_EXTENSION_create_by_NID()

Remove unnecessary ret parameter and freeing of obj (which looks like
a double free or freeing of unallocated memory but actually isn't due
to various magic flags). Also make this const correct.

ok jsing

5 months ago Run sysctl net.inet.ip.forwarding without net lock.
bluhm [Fri, 12 Jul 2024 09:25:27 +0000 (09:25 +0000)]
Run sysctl net.inet.ip.forwarding without net lock.

The places in packet processing where ip_forwarding is evaluated
have been consolidated.  The remaining pieces in pf test, ip input,
and icmp input do not need consistent information.  If the integer
value is changed by another CPU, it is harmless.
The sysctl syscall sets the value atomically, so add atomic read
in network processing and remove the net lock in sysctl IPCTL_FORWARDING.

OK claudio@ mvs@

5 months ago Rewrite X509v3_add_ext()
tb [Fri, 12 Jul 2024 08:58:59 +0000 (08:58 +0000)]
Rewrite X509v3_add_ext()

This is another brilliancy straight out of muppet labs. Overeager and
misguided sprinkling of NULL checks, going through the trademark poor
code review, made this have semantics not matching what almost every
other function with this signature would be doing in OpenSSL land.

This is a long standing mistake we can't fix without introducing
portability traps, but at least annotate it. Simplify the elaborate
dance steps and make this resemble actual code.

ok jsing

5 months ago Rename the variable c to ok. It returns if the file failed to parse or not.
claudio [Fri, 12 Jul 2024 08:54:48 +0000 (08:54 +0000)]
Rename the variable c to ok. It returns if the file failed to parse or not.
We need to pass this to filepath_add so let's use a better name.
OK tb@

5 months ago Simplify X509v3_get_ext() and X509v3_delete_ext()
tb [Fri, 12 Jul 2024 08:46:45 +0000 (08:46 +0000)]
Simplify X509v3_get_ext() and X509v3_delete_ext()

Drop unnecessary checks that are part of the stack API.

ok jsing

5 months ago Align X509v3_get_ext_by_critical() with X509v3_get_ext_by_OBJ()
tb [Fri, 12 Jul 2024 08:44:16 +0000 (08:44 +0000)]
Align X509v3_get_ext_by_critical() with X509v3_get_ext_by_OBJ()

Plus, replace a manual check with a call to X509_EXTENSION_get_critical().

ok jsing

5 months ago Clean up X509v3_get_ext_by_OBJ()
tb [Fri, 12 Jul 2024 08:39:54 +0000 (08:39 +0000)]
Clean up X509v3_get_ext_by_OBJ()

Like most of its siblings, this function can be simplified significantly
by making proper use of the API that is being built. Drop unnecessary NULL
checks and other weirdness and add some const correctness.

ok jsing

5 months ago Use dedicated window for access to the PCIe core registers.
kettenis [Fri, 12 Jul 2024 08:33:25 +0000 (08:33 +0000)]
Use dedicated window for access to the PCIe core registers.
Based on a diff from Hector Martin for Asahi Linux.

ok patrick@, tobhe@

5 months ago sync
deraadt [Fri, 12 Jul 2024 08:21:07 +0000 (08:21 +0000)]
sync

5 months ago Add vdoom() to fix ufs/ext2fs re-use of invalid vnode.
beck [Fri, 12 Jul 2024 08:15:19 +0000 (08:15 +0000)]
Add vdoom() to fix ufs/ext2fs re-use of invalid vnode.

This was noticed by syzkaller and analyzed in isolation by mbuhl@
and visa@ two years ago. As the kernel has become more unlocked it
has started to appear more and was being hit regularly by jsing@
on the Go builder.

The problem was during reclaim of an inode the corresponding vnode
could be picked up by a vget() by another thread while the inode
was being cleared out in the ufs_inactive routine and the thread running
ufs_inactive slept for i/o. When raced the vnode would then not have
zero use count and would not be cleared out on exit from ufs_inactive
with a dead/invalid vnode being used.

While this could get "fixed" by checking for the race happening
and trying again in the inactive routine, or by adding "yet another
visible vnode locking flag" we choose to add a vdoom() api for the
moment that allows the caller to block future attempts to grab this
vnode until it is cleared out fully with vclean.

Tested by jsing@ on the Go builder and seems to solve the issue.

ok kettenis@, claudio@

5 months ago annotate broken signal handler
deraadt [Fri, 12 Jul 2024 07:22:44 +0000 (07:22 +0000)]
annotate broken signal handler

5 months ago use sigaction() to set up SIGALRM so we can set SA_RESTART, and
deraadt [Fri, 12 Jul 2024 07:15:28 +0000 (07:15 +0000)]
use sigaction() to set up SIGALRM so we can set SA_RESTART, and
remove the re-arming in the handler.  Better than using siginterrupt(),
and avoids the errno saving requirement in the handler also.
ok guenther millert

5 months ago Despite being an ELF citizen, hppa is its own special snowflake and requires
miod [Fri, 12 Jul 2024 05:26:34 +0000 (05:26 +0000)]
Despite being an ELF citizen, hppa is its own special snowflake and requires
different asm stanzas to produce strong aliases.

This unbreaks libssl on hppa after the recent switch to LIBRESSL_NAMESPACE.

5 months ago drm/amdgpu: silence UBSAN warning
jsg [Fri, 12 Jul 2024 04:10:46 +0000 (04:10 +0000)]
drm/amdgpu: silence UBSAN warning

From Alex Deucher
1ba66b121100862fc208848264821a788a79317f in linux-6.6.y/6.6.39
05d9e24ddb15160164ba6e917a88c00907dc2434 in mainline linux

5 months ago drm: panel-orientation-quirks: Add quirk for Valve Galileo
jsg [Fri, 12 Jul 2024 04:07:17 +0000 (04:07 +0000)]
drm: panel-orientation-quirks: Add quirk for Valve Galileo

From John Schoenick
33de7c47a19ab1165ee2404f197de4f7e4848f23 in linux-6.6.y/6.6.39
26746ed40bb0e4ebe2b2bd61c04eaaa54e263c14 in mainline linux

5 months ago drm/amdgpu/atomfirmware: silence UBSAN warning
jsg [Fri, 12 Jul 2024 04:05:29 +0000 (04:05 +0000)]
drm/amdgpu/atomfirmware: silence UBSAN warning

From Alex Deucher
004b7fe6ca8c709e8431b400c3082040b80e59cf in linux-6.6.y/6.6.39
d0417264437a8fa05f894cabba5a26715b32d78e in mainline linux

5 months ago drm/amdgpu: fix the warning about the expression (int)size - len
jsg [Fri, 12 Jul 2024 04:03:31 +0000 (04:03 +0000)]
drm/amdgpu: fix the warning about the expression (int)size - len

From Jesse Zhang
3fac5aecb59336c9ae808a2cf4733f9f185e3fa2 in linux-6.6.y/6.6.39
ea686fef5489ef7a2450a9fdbcc732b837fb46a8 in mainline linux

5 months ago drm/amdgpu: fix uninitialized scalar variable warning
jsg [Fri, 12 Jul 2024 04:01:39 +0000 (04:01 +0000)]
drm/amdgpu: fix uninitialized scalar variable warning

From Tim Huang
7e0fbceae1e671af9d91e338cc8608c9bfb7d2f1 in linux-6.6.y/6.6.39
9a5f15d2a29d06ce5bd50919da7221cda92afb69 in mainline linux

5 months ago drm/amd/display: Fix uninitialized variables in DM
jsg [Fri, 12 Jul 2024 03:59:54 +0000 (03:59 +0000)]
drm/amd/display: Fix uninitialized variables in DM

From Alex Hung
8e5cbc820ab4a0029e0765b47cb2b38354b02527 in linux-6.6.y/6.6.39
f95bcb041f213a5da3da5fcaf73269bd13dba945 in mainline linux

5 months ago drm/amd/display: Skip finding free audio for unknown engine_id
jsg [Fri, 12 Jul 2024 03:58:08 +0000 (03:58 +0000)]
drm/amd/display: Skip finding free audio for unknown engine_id

From Alex Hung
95ad20ee3c4efbb91f9a4ab08e070aa3697f5879 in linux-6.6.y/6.6.39
1357b2165d9ad94faa4c4a20d5e2ce29c2ff29c3 in mainline linux

5 months ago drm/amd/display: Check pipe offset before setting vblank
jsg [Fri, 12 Jul 2024 03:55:50 +0000 (03:55 +0000)]
drm/amd/display: Check pipe offset before setting vblank

From Alex Hung
96bf81cc1bd058bb8af6e755a548e926e934dfd1 in linux-6.6.y/6.6.39
5396a70e8cf462ec5ccf2dc8de103c79de9489e6 in mainline linux

5 months ago drm/amd/display: Check index msg_id before read or write
jsg [Fri, 12 Jul 2024 03:53:50 +0000 (03:53 +0000)]
drm/amd/display: Check index msg_id before read or write

From Alex Hung
9933eca6ada0cd612e19522e7a319bcef464c0eb in linux-6.6.y/6.6.39
59d99deb330af206a4541db0c4da8f73880fba03 in mainline linux

5 months ago drm/amdgpu: Initialize timestamp for some legacy SOCs
jsg [Fri, 12 Jul 2024 03:52:00 +0000 (03:52 +0000)]
drm/amdgpu: Initialize timestamp for some legacy SOCs

From Ma Jun
e55077badb9054630856cbefc099ad148a446648 in linux-6.6.y/6.6.39
2e55bcf3d742a4946d862b86e39e75a95cc6f1c0 in mainline linux

5 months ago drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc
jsg [Fri, 12 Jul 2024 03:50:23 +0000 (03:50 +0000)]
drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc

From Jesse Zhang
855ae72c20310e5402b2317fc537d911e87537ef in linux-6.6.y/6.6.39
88a9a467c548d0b3c7761b4fd54a68e70f9c0944 in mainline linux

5 months ago drm/amdgpu: Fix uninitialized variable warnings
jsg [Fri, 12 Jul 2024 03:48:26 +0000 (03:48 +0000)]
drm/amdgpu: Fix uninitialized variable warnings

From Ma Jun
646e13f0a65b1930a4fa838f31bf763dbb4307a3 in linux-6.6.y/6.6.39
60c448439f3b5db9431e13f7f361b4074d0e8594 in mainline linux

5 months ago Despite being an ELF citizen, hppa is its own special snowflake and requires
miod [Thu, 11 Jul 2024 21:31:52 +0000 (21:31 +0000)]
Despite being an ELF citizen, hppa is its own special snowflake and requires
different asm stanzas to produce strong aliases.

This unbreaks libcrypto (and thus ssh, among other things) on hppa after the
recent switch to LIBRESSL_CRYPTO_NAMESPACE.

5 months ago Update the example because now npppd can be a DAE server.
yasuoka [Thu, 11 Jul 2024 14:14:56 +0000 (14:14 +0000)]
Update the example because now npppd can be a DAE server.

5 months ago Use atomic operations to access integers in sysctl(2).
bluhm [Thu, 11 Jul 2024 14:11:55 +0000 (14:11 +0000)]
Use atomic operations to access integers in sysctl(2).

In sysctl_int_bounded() use atomic operations to load, store, or
swap integer values.  By using volatile pointers this will result
in a single assembly instruction, no matter how over optimizing
compilers will become.  Note that this does not solve data dependency
problems, nor MP problems in the kernel code using these integers.
For full MP safety additional considerations, memory barriers, or
locks will be needed where the values are used.  But for simple
integer in- and output volatile is enough.  If new and old value
pointers are given to sysctl, atomic swapping guarantees that
userland sees the same old value only once.  There are more
sysctl_int() functions that have to be adapted.

OK deraadt@ kettenis@

5 months ago Add Dynamic Authorization Extensions (DAE) for RADIUS server feature
yasuoka [Thu, 11 Jul 2024 14:05:59 +0000 (14:05 +0000)]
Add Dynamic Authorization Extensions (DAE) for RADIUS server feature
to npppd.  It can be configured now so that it accepts disconnect
requests and this works together with radiusd_ipcp(8) module.  Also
"nas-id" becomes configurable.

5 months ago Adjust regress to match changes in SSL_select_next_proto() args
tb [Thu, 11 Jul 2024 13:51:47 +0000 (13:51 +0000)]
Adjust regress to match changes in SSL_select_next_proto() args

5 months ago Adjust documentation for SSL_select_next_proto()
tb [Thu, 11 Jul 2024 13:50:44 +0000 (13:50 +0000)]
Adjust documentation for SSL_select_next_proto()

Use better argument names, add a link to the relevant standards and add
CAVEATS and BUGS sections pointing out a few pitfalls.

discussed with davidben
ok beck

5 months ago Follow BoringSSL's nomenclature in SSL_select_next_proto()
tb [Thu, 11 Jul 2024 13:48:52 +0000 (13:48 +0000)]
Follow BoringSSL's nomenclature in SSL_select_next_proto()

SSL_select_next_proto() was written with NPN in mind. NPN has a weird
fallback mechanism which is baked into the API. This makes no sense
for ALPN, where the API behavior is undesirable since a server
should not end up choosing a protocol it doesn't (want to) support.
Arguably, ALPN should simply have had its own API for protocol selection
supporting the proper semantics, instead of shoehorning an NPN API into
working for ALPN.

Commit https://boringssl-review.googlesource.com/c/boringssl/+/17206/
renamed the arguments to work for both NPN and ALPN, with the slight
downside of honoring client preference instead of the SHOULD in
RFC 7301, section 3.2. This grates for most consumers in the wild,
but so be it. The behavior is saner and safer.

discussed with davidben
ok beck

5 months ago Make sure we are interested in an interface that shows up.
florian [Thu, 11 Jul 2024 13:38:03 +0000 (13:38 +0000)]
Make sure we are interested in an interface that shows up.

5 months ago Add more attributes to Disconnect-Request following the RFC's
yasuoka [Thu, 11 Jul 2024 13:29:08 +0000 (13:29 +0000)]
Add more attributes to Disconnect-Request following the RFC's
suggestions.  Also nas_ipv6 wasn't stored by mistake.

5 months ago Document new font module variables MODFONT_FONTFILES and MODFONT_FONTDIR.
bentley [Thu, 11 Jul 2024 12:55:33 +0000 (12:55 +0000)]
Document new font module variables MODFONT_FONTFILES and MODFONT_FONTDIR.

ok sthen@

5 months ago Turn FBINFO_xxx defines into proper flags. Gets rid of an unwanted
kettenis [Thu, 11 Jul 2024 12:39:53 +0000 (12:39 +0000)]
Turn FBINFO_xxx defines into proper flags.  Gets rid of an unwanted
warning introduced by a recent commit to drm_fbdev_dma.c.

ok jsg@

5 months ago sync
deraadt [Thu, 11 Jul 2024 12:15:25 +0000 (12:15 +0000)]
sync

5 months ago Use FEAT_RNG to feed entropy into the random subsystem like we do on amd64.
kettenis [Thu, 11 Jul 2024 12:07:39 +0000 (12:07 +0000)]
Use FEAT_RNG to feed entropy into the random subsystem like we do on amd64.

ok patrick@, deraadt@

5 months ago Be a bit more noisy in syslog on what is going on.
florian [Thu, 11 Jul 2024 10:48:51 +0000 (10:48 +0000)]
Be a bit more noisy in syslog on what is going on.

So far dhcp6leased(8) has been completely silent.
Prodding by Brian Conway.

5 months ago Write lease after we configured prefixes.
florian [Thu, 11 Jul 2024 10:38:57 +0000 (10:38 +0000)]
Write lease after we configured prefixes.

While here, do not claim we have a ::/0 lease, it confuses the parser.

5 months ago Do not show expired lease information in dhcp6leasectl.
florian [Thu, 11 Jul 2024 10:37:47 +0000 (10:37 +0000)]
Do not show expired lease information in dhcp6leasectl.

5 months ago sync
deraadt [Thu, 11 Jul 2024 09:41:07 +0000 (09:41 +0000)]
sync

5 months ago Forgot to initialize status_code in previous.
florian [Thu, 11 Jul 2024 09:39:13 +0000 (09:39 +0000)]
Forgot to initialize status_code in previous.

No STATUS_CODE option from the server means "success", but we are now
using stack garbage, which is usually not "success".

5 months ago umoddi3.c is now needed for libz
deraadt [Thu, 11 Jul 2024 07:40:03 +0000 (07:40 +0000)]
umoddi3.c is now needed for libz

5 months ago correct keyword; from Yatao Su via GHPR509
djm [Wed, 10 Jul 2024 21:58:34 +0000 (21:58 +0000)]
correct keyword; from Yatao Su via GHPR509

5 months ago Allow pfIfTable to have more than 64 entries.
martijn [Wed, 10 Jul 2024 20:33:31 +0000 (20:33 +0000)]
Allow pfIfTable to have more than 64 entries.
Taken from pfctl_table.c r1.85 by sashan@

OK tb@

5 months ago Fix the problem that it breaks the event timer because there is no
yasuoka [Wed, 10 Jul 2024 18:59:10 +0000 (18:59 +0000)]
Fix the problem that it breaks the event timer because there is no
consideration for new disconnect requests during requesting DAE.  The
ipcp module didn't send a DAE request again once DAE request failed.
Also fix log messages.

5 months ago Extend DMA constraints override to include all SC8280XP and X1E80100 based
patrick [Wed, 10 Jul 2024 18:46:42 +0000 (18:46 +0000)]
Extend DMA constraints override to include all SC8280XP and X1E80100 based
machines.  The shipped hardware containing ath11k and ath12k WiFi cards all
need to have 32-bit DMA constraints enforced.

ok kettenis@

5 months ago Fix memory leaks, a use after free, accessing outside the region
yasuoka [Wed, 10 Jul 2024 16:30:43 +0000 (16:30 +0000)]
Fix memory leaks, a use after free, accessing outside the region
introduced by recent commits.  Found by malloc(3).

5 months ago Zap warning against __findenv usage, it is not exported by libc
jca [Wed, 10 Jul 2024 14:17:58 +0000 (14:17 +0000)]
Zap warning against __findenv usage, it is not exported by libc

The comment probably made sense before guenther restricted the symbols
exported by libc in 2015.

5 months ago Remove the static symbols.namespace, and just generate the _libre_
beck [Wed, 10 Jul 2024 13:30:14 +0000 (13:30 +0000)]
Remove the static symbols.namespace, and just generate the _libre_
symbols from symbols.list now that we have everything hidden

ok tb@

5 months ago Add flags NOPERM, STALLED, SWAPPABLE, DOOMED to -v output.
krw [Wed, 10 Jul 2024 13:29:23 +0000 (13:29 +0000)]
Add flags NOPERM, STALLED, SWAPPABLE, DOOMED to -v output.

Brings -v output into line with MNT_BITS used in vfs_mount_print().

ok deraadt@

5 months ago Teach symbols test about the namespace
tb [Wed, 10 Jul 2024 13:11:22 +0000 (13:11 +0000)]
Teach symbols test about the namespace

This ensures that when adding public symbols, the magic is not omitted.

with/ok beck

5 months ago Pass status option up.
florian [Wed, 10 Jul 2024 12:52:51 +0000 (12:52 +0000)]
Pass status option up.

If we are in state "renewing" and the DHCPv6 server returns an
unsuccessful status go to "rebinding", i.e. ask any DHCPv6 server for
a lease not just the one we got the lease from.

This likely fixes a problem reported by Brian Conway where the ISP
returned "NoBinding - Prefix not bound to this interface." for a renew.
dhcp6leased recovered once T1 expired and we went to "rebinding" after
some time.

5 months ago Pass int to the *2str functions, we don't need anything fancy.
florian [Wed, 10 Jul 2024 12:44:46 +0000 (12:44 +0000)]
Pass int to the *2str functions, we don't need anything fancy.

5 months ago Use AMD SEV C-bit in initial page tables setup by locore0.
bluhm [Wed, 10 Jul 2024 12:36:13 +0000 (12:36 +0000)]
Use AMD SEV C-bit in initial page tables setup by locore0.

Similar to the NX-bit apply the C-bit to the PTEs built by locore0.
Right now, pg_crypt is initialized to 0, so nothing will change.

from hshoexer@; OK mlarkin@

5 months ago Kill the runfast and run label and inline those bits. No functional change.
claudio [Wed, 10 Jul 2024 12:28:46 +0000 (12:28 +0000)]
Kill the runfast and run label and inline those bits. No functional change.
OK mpi@

5 months ago Implement support for deeper idle states offered by PSCI. Reduces the
kettenis [Wed, 10 Jul 2024 11:01:24 +0000 (11:01 +0000)]
Implement support for deeper idle states offered by PSCI.  Reduces the
idle power usage of the Vivobook S15 by almost 50%.

ok patrick@

5 months ago Hook up the Qualcomm UEFI Secure Application that handles EFI variables to
kettenis [Wed, 10 Jul 2024 10:53:55 +0000 (10:53 +0000)]
Hook up the Qualcomm UEFI Secure Application that handles EFI variables to
efi(4) such that we can access EFI variables through ioctls on /dev/efi.

ok patrick@

5 months ago Missed some files in previous commit to split vmd into mi/md.
dv [Wed, 10 Jul 2024 10:41:19 +0000 (10:41 +0000)]
Missed some files in previous commit to split vmd into mi/md.

Forgot `cvs add` and sys/dev/vmm/vmm.h changes.

5 months ago sync
deraadt [Wed, 10 Jul 2024 10:34:40 +0000 (10:34 +0000)]
sync

5 months ago Only vis(3) the option, not the rest of the packet.
florian [Wed, 10 Jul 2024 10:30:46 +0000 (10:30 +0000)]
Only vis(3) the option, not the rest of the packet.

Lots of head scratching and help from the hackroom ensued because of an
inconveniently placed \r that truncated a string and placed garbage at
a weird place.

5 months ago forgot to add a history section for the TLS PRF API
tb [Wed, 10 Jul 2024 10:22:03 +0000 (10:22 +0000)]
forgot to add a history section for the TLS PRF API

5 months ago use better endian swaps for populating the irq map request
jmatthew [Wed, 10 Jul 2024 09:50:28 +0000 (09:50 +0000)]
use better endian swaps for populating the irq map request

from NetBSD's if_iavf.c r1.1

5 months ago Split vmd into mi/md parts.
dv [Wed, 10 Jul 2024 09:27:32 +0000 (09:27 +0000)]
Split vmd into mi/md parts.

Makes as much of the core of vmd mi, pushing x86-isms into separate
compilation units. Adds build logic for arm64, but no emulation
yet. (You can build vmd, but it won't have a vmm device to connect
to.)

Some more cleanup probably needed around interrupt controller
abstraction, but that can come as we implement more than the i8259.

ok mlarkin@

5 months ago Sweep up more softdep crumbs.
krw [Wed, 10 Jul 2024 09:24:03 +0000 (09:24 +0000)]
Sweep up more softdep crumbs.

Nuke #if notyet/#endif chunks containing references to never defined
STATFS_SOFTUPD;

ok otto@

5 months ago Sweep up more softdep crumbs.
krw [Wed, 10 Jul 2024 09:20:33 +0000 (09:20 +0000)]
Sweep up more softdep crumbs.

FFS_SOFTUPDATES is no longer used. Remove stray defined(FFS_SOFTUPDATES) checks
and an #if/#endif block referencing no longer defined softdep_fsync().

ok otto@

5 months ago iaq_datalen is 16 bits, so always use htole16 to populate it
jmatthew [Wed, 10 Jul 2024 09:14:50 +0000 (09:14 +0000)]
iaq_datalen is 16 bits, so always use htole16 to populate it

from NetBSD's if_iavf.c r1.2

5 months ago Sweep up another softdep crumb.
krw [Wed, 10 Jul 2024 09:12:11 +0000 (09:12 +0000)]
Sweep up another softdep crumb.

Remove #if notyet/#endif chunk that references the never-defined STATFS_SOFTUPD.

ok jsg@

5 months ago sync
tb [Wed, 10 Jul 2024 08:52:12 +0000 (08:52 +0000)]
sync

5 months ago link EVP_PKEY_CTX_set_tls1_prf_md.3 to build
tb [Wed, 10 Jul 2024 08:51:28 +0000 (08:51 +0000)]
link EVP_PKEY_CTX_set_tls1_prf_md.3 to build

5 months ago Import EVP_PKEY_CTX_set_tls1_prf_md.3 from OpenSSL 1.1.1
tb [Wed, 10 Jul 2024 08:49:48 +0000 (08:49 +0000)]
Import EVP_PKEY_CTX_set_tls1_prf_md.3 from OpenSSL 1.1.1

With only slight application of color to this entelodont's lips. It's the
usual deal - hard to say what's worse, the code or its docs...

5 months ago as per if_ixl.c r1.88, protect the admin queue with a mutex
jmatthew [Wed, 10 Jul 2024 08:48:20 +0000 (08:48 +0000)]
as per if_ixl.c r1.88, protect the admin queue with a mutex

5 months ago Including kdf.h isn't enough, you also need evp.h
tb [Wed, 10 Jul 2024 07:57:37 +0000 (07:57 +0000)]
Including kdf.h isn't enough, you also need evp.h

It will be a cold day in hell before I see an OpenSSL manpage without
mistakes in it.

5 months ago correct some Broadcom adapter model numbers that I mistyped
jmatthew [Wed, 10 Jul 2024 07:56:21 +0000 (07:56 +0000)]
correct some Broadcom adapter model numbers that I mistyped

from Bryan Vyhmeister

5 months ago Unwrap two lines
tb [Wed, 10 Jul 2024 06:53:27 +0000 (06:53 +0000)]
Unwrap two lines

5 months ago remove stray ".Xc";
jmc [Wed, 10 Jul 2024 05:41:34 +0000 (05:41 +0000)]
remove stray ".Xc";

5 months ago grammar tweak;
jmc [Wed, 10 Jul 2024 05:40:08 +0000 (05:40 +0000)]
grammar tweak;

5 months ago grammar/macro/spelling fixes;
jmc [Wed, 10 Jul 2024 05:39:25 +0000 (05:39 +0000)]
grammar/macro/spelling fixes;

5 months ago an universal -> a universal
jmc [Wed, 10 Jul 2024 05:19:02 +0000 (05:19 +0000)]
an universal -> a universal

5 months ago Prepare pmap for using the AMD SEV C-bit to encrypt guest memory.
bluhm [Tue, 9 Jul 2024 19:11:06 +0000 (19:11 +0000)]
Prepare pmap for using the AMD SEV C-bit to encrypt guest memory.

The C-bit in a page table entry is used by a SEV guest to specify
which pages are to be encrypted and which not.  The latter is needed
to share pages with the hypervisor for virtio(4).
The actual position of the C-bit within a PTE is CPU implementation
dependent and needs to be determined dynamically at system boot.
The position of the C-bit also determines the actual size of page
frame mask.  This will be provided by a separate change.
To be able to use the same kernel as both host and guest, the C-bit
is provided as variable similar to the NX-bit.  Same holds for the
page frame masks.
Right now, pg_crypt is set to 0, pg_frame and pg_lgframe to PG_FRAME
and PG_LGFRAME respectively.  Thus the kernel works as a host system
same as before.
Also introduce a PMAP_NOCRYPT flag.  A guest will use this with
busdma to establish unencrypted mappings that can be shared with
the hypervisor.

from hshoexer@; OK mlarkin@

5 months ago mbuf.9: Add missing fields, fix order and spacing.
jan [Tue, 9 Jul 2024 18:56:54 +0000 (18:56 +0000)]
mbuf.9: Add missing fields, fix order and spacing.

fine by jmc@
sure mvs@

5 months ago vmd(8): Avoid double DHCP reply when using the internal dhcp server.
jan [Tue, 9 Jul 2024 18:49:05 +0000 (18:49 +0000)]
vmd(8): Avoid double DHCP reply when using the internal dhcp server.

DHCP request should not leave vmd if it's answered internally.

ok dv@

5 months ago Add another empty line
tb [Tue, 9 Jul 2024 17:58:36 +0000 (17:58 +0000)]
Add another empty line

5 months ago Turn tls1_prf_alg() into single exit
tb [Tue, 9 Jul 2024 17:56:41 +0000 (17:56 +0000)]
Turn tls1_prf_alg() into single exit

requested by jsing on review
ok beck

5 months ago Unwrap a few more lines
tb [Tue, 9 Jul 2024 17:47:20 +0000 (17:47 +0000)]
Unwrap a few more lines

5 months ago Unwrap a couple of lines
tb [Tue, 9 Jul 2024 17:46:32 +0000 (17:46 +0000)]
Unwrap a couple of lines

5 months ago Align math with t1_enc.c
tb [Tue, 9 Jul 2024 17:44:18 +0000 (17:44 +0000)]
Align math with t1_enc.c

suggested by jsing on review

5 months ago Minor cosmetics in pkey_tls1_prf_derive()
tb [Tue, 9 Jul 2024 17:35:55 +0000 (17:35 +0000)]
Minor cosmetics in pkey_tls1_prf_derive()

noticed by jsing on review

5 months ago Fix a typo
yasuoka [Tue, 9 Jul 2024 17:34:10 +0000 (17:34 +0000)]
Fix a typo

5 months ago Replace explicit_bzero() plus free() with freezero()
tb [Tue, 9 Jul 2024 17:29:51 +0000 (17:29 +0000)]
Replace explicit_bzero() plus free() with freezero()

This is simpler, if slightly more expensive

5 months ago Add radiusd_ipcp(8). A module which provides IP configuration through
yasuoka [Tue, 9 Jul 2024 17:26:14 +0000 (17:26 +0000)]
Add radiusd_ipcp(8).  A module which provides IP configuration through
RADIUS Access-Accept messages and manages IP address pool through
RADIUS accounting messages.

5 months ago Improve test coverage for TLS1-PRF
tb [Tue, 9 Jul 2024 17:24:12 +0000 (17:24 +0000)]
Improve test coverage for TLS1-PRF

This is basically a copy of the libssl unit tests, moved to libcrypto to
avoid starting the infection of libssl with this particular piece of EVP
garbage.

5 months ago Add a minimal regress test for TLS1-PRF
tb [Tue, 9 Jul 2024 17:09:23 +0000 (17:09 +0000)]
Add a minimal regress test for TLS1-PRF

5 months ago Shuffle things into a more sensible order
tb [Tue, 9 Jul 2024 17:05:46 +0000 (17:05 +0000)]
Shuffle things into a more sensible order

no functional change

5 months ago Use better order in EVP_PKEY_CTRL_TLS_SECRET
tb [Tue, 9 Jul 2024 17:04:50 +0000 (17:04 +0000)]
Use better order in EVP_PKEY_CTRL_TLS_SECRET

Also avoid an unnecessary NULL check.

5 months ago Add tls1_prf_pkey_meth to pkey_methods
tb [Tue, 9 Jul 2024 17:02:29 +0000 (17:02 +0000)]
Add tls1_prf_pkey_meth to pkey_methods

ok jsing

5 months ago Make a NULL check explicit
tb [Tue, 9 Jul 2024 17:01:40 +0000 (17:01 +0000)]
Make a NULL check explicit

5 months ago Zap or align some ugly comments
tb [Tue, 9 Jul 2024 17:00:59 +0000 (17:00 +0000)]
Zap or align some ugly comments