jsg [Mon, 29 Jan 2024 01:42:34 +0000 (01:42 +0000)]
drivers/amd/pm: fix a use-after-free in kv_parse_power_table
From Zhipeng Lu
95084632a65d5c0d682a83b55935560bdcd2a1e3 in linux-6.6.y/6.6.14
28dd788382c43b330480f57cd34cde0840896743 in mainline linux
jsg [Mon, 29 Jan 2024 01:40:59 +0000 (01:40 +0000)]
drm/amd/pm: fix a double-free in si_dpm_init
From Zhipeng Lu
fb1936cb587262cd539e84b34541abb06e42b2f9 in linux-6.6.y/6.6.14
ac16667237a82e2597e329eb9bc520d1cf9dff30 in mainline linux
jsg [Mon, 29 Jan 2024 01:39:33 +0000 (01:39 +0000)]
drm/amdgpu/debugfs: fix error code when smc register accessors are NULL
From Alex Deucher
5bc4f16118c575410e7be220bbb9b1fa2ee4274b in linux-6.6.y/6.6.14
afe58346d5d3887b3e49ff623d2f2e471f232a8d in mainline linux
jsg [Mon, 29 Jan 2024 01:37:52 +0000 (01:37 +0000)]
drm/radeon/trinity_dpm: fix a memleak in trinity_parse_power_table
From Zhipeng Lu
0564e8a427914015d773a32f6e9baa2bd2f38a37 in linux-6.6.y/6.6.14
28c28d7f77c06ac2c0b8f9c82bc04eba22912b3b in mainline linux
jsg [Mon, 29 Jan 2024 01:36:31 +0000 (01:36 +0000)]
drm/radeon/dpm: fix a memleak in sumo_parse_power_table
From Zhipeng Lu
a26634b3ce218ee3a308f2c0e326a1c7d4bb97ec in linux-6.6.y/6.6.14
0737df9ed0997f5b8addd6e2b9699a8c6edba2e4 in mainline linux
jsg [Mon, 29 Jan 2024 01:34:47 +0000 (01:34 +0000)]
drm/radeon: check the alloc_workqueue return value in radeon_crtc_init()
From Yang Yingliang
0b813a6a0087451cb702b6eb841f10856f49d088 in linux-6.6.y/6.6.14
7a2464fac80d42f6f8819fed97a553e9c2f43310 in mainline linux
jsg [Mon, 29 Jan 2024 01:32:31 +0000 (01:32 +0000)]
drm/drv: propagate errors from drm_modeset_register_all()
From Dmitry Baryshkov
af9d39677c919f5c7dc67675aa0d30f7793bd324 in linux-6.6.y/6.6.14
5f8dec200923a76dc57187965fd59c1136f5d085 in mainline linux
jsg [Mon, 29 Jan 2024 01:30:49 +0000 (01:30 +0000)]
drm/radeon: check return value of radeon_ring_lock()
From Nikita Zhandarovich
18bd4d184675fbb2fc4b2f9b80aaebea2e05fca0 in linux-6.6.y/6.6.14
71225e1c930942cb1e042fc08c5cc0c4ef30e95e in mainline linux
jsg [Mon, 29 Jan 2024 01:29:18 +0000 (01:29 +0000)]
drm/radeon/r100: Fix integer overflow issues in r100_cs_track_check()
From Nikita Zhandarovich
056484916a131ebad65ee33048ec959f6186befc in linux-6.6.y/6.6.14
b5c5baa458faa5430c445acd9a17481274d77ccf in mainline linux
jsg [Mon, 29 Jan 2024 01:27:31 +0000 (01:27 +0000)]
drm/radeon/r600_cs: Fix possible int overflows in r600_cs_check_reg()
From Nikita Zhandarovich
0413e8869171145d8a53f9d009f59c804b37c7b2 in linux-6.6.y/6.6.14
39c960bbf9d9ea862398759e75736cfb68c3446f in mainline linux
jsg [Mon, 29 Jan 2024 01:25:00 +0000 (01:25 +0000)]
drm/bridge: Fix typo in post_disable() description
From Dario Binacchi
c111350d673a517c3995849c724e444205f7e51c in linux-6.6.y/6.6.14
288b039db225676e0c520c981a1b5a2562d893a3 in mainline linux
jsg [Mon, 29 Jan 2024 01:23:04 +0000 (01:23 +0000)]
drm/dp_mst: Fix fractional DSC bpp handling
From Ville Syrjala
4e042f022255604c68ab5d5f73c8f437d24d651e in linux-6.6.y/6.6.14
7707dd6022593f3edd8e182e7935870cf326f874 in mainline linux
yasuoka [Mon, 29 Jan 2024 00:59:54 +0000 (00:59 +0000)]
Open /etc/{services,protocols} before pledge(2).
ok tobhe
stsp [Sun, 28 Jan 2024 22:30:39 +0000 (22:30 +0000)]
add support for sending management frames to qwx(4)
The initial AUTH frame is now sent when an AP is found during scans.
We then receive an AUTH response from the AP. Handling this response
in the driver will be our next step.
tb [Sun, 28 Jan 2024 21:00:54 +0000 (21:00 +0000)]
The KNF script didn't grok LHASH_OF(), STACK_OF()
tb [Sun, 28 Jan 2024 20:57:15 +0000 (20:57 +0000)]
Avoid calling EVP_CIPHER_CTX_reset() on a NULL ctx
bluhm [Sun, 28 Jan 2024 20:34:25 +0000 (20:34 +0000)]
Use more specific sockaddr type for inpcb notify.
in_pcbnotifyall() is an IPv4 only function. All callers check that
sockaddr dst is in fact a sockaddr_in. Pass the more specific type
and remove the runtime check at beginning of in_pcbnotifyall().
Use const sockaddr_in in in_pcbnotifyall() and const sockaddr_in6
in6_pcbnotify() as dst parameter.
OK millert@
deraadt [Sun, 28 Jan 2024 19:05:33 +0000 (19:05 +0000)]
Remove the 'l' and 'L' flag printing in 'STAT' column. These were added
to provide visibility of the internal behaviour of pinsyscalls(2) during
introduction. These flags remain (less) visible in the "-o procflags"
option, as 0x08000000 (PS_PIN) and 0x10000000 (PS_LIBCPIN).
That's good enough.
mglocker [Sun, 28 Jan 2024 18:42:58 +0000 (18:42 +0000)]
Back out the TSO support diff, since we got issues reported for which
no solution could be found. Known issues at this point:
1. sparc64 panics, probably because of an alignment issue in struct
tcphdr { th_off }. A diff for potentially fixing the alignment issue
exists, but testing is pending.
2. Watchdogs reported on the I350 chip, which can't be reproduced on own
hardware.
deraadt [Sun, 28 Jan 2024 18:38:16 +0000 (18:38 +0000)]
correct DPADD; from Krystian Lewandowski
op [Sun, 28 Jan 2024 17:23:17 +0000 (17:23 +0000)]
allow escaping inside quotes
RFC5322 allows for escapes using \ inside quotes. Otherwise, headers
such as
From: "\"Doe, John\"" <op>
get mangled as "\"Doe@localhost, John\" <op> since \ would be treated as
ordinary character and not the escape for the quote.
Bug reported by TobiasEgg on the OpenSMTPD-portable github repository.
ok millert@
tb [Sun, 28 Jan 2024 16:11:31 +0000 (16:11 +0000)]
sync with userland
tb [Sun, 28 Jan 2024 16:10:51 +0000 (16:10 +0000)]
Pull in some post 1.3.1 upstream commits
This is only cosmetic as far as OpenBSD is concerned.
joshua [Sun, 28 Jan 2024 14:55:40 +0000 (14:55 +0000)]
Clean up EVP_CIPHER_CTX_init() usage in cmac.c
This replaces usage of EVP_CIPHER_CTX_init() with EVP_CIPHER_CTX_new(),
and EVP_CIPHER_CTX_cleanup() with EVP_CIPHER_CTX_reset().
This also replaces usage of malloc with calloc, and free with freezero.
ok tb@
joshua [Sun, 28 Jan 2024 14:43:48 +0000 (14:43 +0000)]
Clean up EVP_MD_CTX_{init,cleanup}() usage in ASN1_item_verify()
ok tb@
anton [Sun, 28 Jan 2024 12:36:21 +0000 (12:36 +0000)]
Use the wait until construct in ixp.sh in the hopes of making it more
stable.
jsg [Sun, 28 Jan 2024 03:01:39 +0000 (03:01 +0000)]
match on Intel C3000
tested by Stephane Tranchemer
deraadt [Sun, 28 Jan 2024 01:07:26 +0000 (01:07 +0000)]
Force -fno-stack-protector on "boot block" that absolutely can't have
a stack protector (probably not even a -fstack-protector-strong) because
the bloat would render them unusable. This also means the system
compiler can now take on any more it wants, and all the pieces which
can't use the stack protector are properly marked.
ok kettenis
deraadt [Sun, 28 Jan 2024 00:40:22 +0000 (00:40 +0000)]
set -fno-stack-protector in NORMAL_C_NOP, which is used to compile
mcount.c, in the same way that -fno-ret-protector is set (because
the default ret-protector is an "always" generator). This change
ensures there is never a stack protector prologue/epilogue in the
functions in that file, no matter what stack protector selection
algorithm is in play.
ok kettenis guenther
tb [Sat, 27 Jan 2024 23:34:18 +0000 (23:34 +0000)]
Dynamic EVP_PKEY_METHODs are a thing from the past
bluhm [Sat, 27 Jan 2024 21:35:13 +0000 (21:35 +0000)]
Assert that tcp_timer_rexmt() uses IPv4 inpcb.
in_pcbnotifyall() must be called with IPv4 inpcb only. Comment why
this is the case and verify it with kassert. This assures that
inp_faddr is a valid address.
OK mvs@
bluhm [Sat, 27 Jan 2024 21:13:46 +0000 (21:13 +0000)]
Declare address parameter in TCP SYN cache const.
tcp6_ctlinput() casted a constant sockaddr_sin6 to non-const sockaddr.
sa6_src may be &sa6_any which lives in read-only data section.
Better pass down the const addresses to syn_cache_lookup(). They
are needed for hash lookup and are not modified.
OK mvs@
tb [Sat, 27 Jan 2024 18:12:27 +0000 (18:12 +0000)]
Add a few aliases for ECDSA and DSA for security/xca
ok jsing
tb [Sat, 27 Jan 2024 17:20:20 +0000 (17:20 +0000)]
Use ret instead of rv in a few keyivgen functions
tb [Sat, 27 Jan 2024 17:14:33 +0000 (17:14 +0000)]
Fold keyivgen functions into evp_pbe.c
These are only used by the EVP_PBE routines and will become internal in
the next major bump.
tb [Sat, 27 Jan 2024 16:50:39 +0000 (16:50 +0000)]
Make some comments and some whitespace less ugly
tb [Sat, 27 Jan 2024 16:36:17 +0000 (16:36 +0000)]
Whitespace tweak
tb [Sat, 27 Jan 2024 16:26:25 +0000 (16:26 +0000)]
Throw PKCS5_PBE_add() into the trash bin at the end of evp_pbe.c
This has been a noop since forever and will be removed in the next bump.
tb [Sat, 27 Jan 2024 16:22:29 +0000 (16:22 +0000)]
Mark the functions at the end of this file for removal
tb [Sat, 27 Jan 2024 16:18:25 +0000 (16:18 +0000)]
Support HMAC with SHA-3 as a PBE PRF
ok jsing
tb [Sat, 27 Jan 2024 16:17:32 +0000 (16:17 +0000)]
Support HMAC with truncated SHA-2 as a PBE PRF
ok jsing
tb [Sat, 27 Jan 2024 16:08:43 +0000 (16:08 +0000)]
Teach OBJ_find_sigid_{,by_}algs(3) about ECDSA with SHA-3
This allows signing and verifying ASN.1 "items" using the ECDSA with SHA-3
signature algorithms. With this diff, ECDSA certificates and CMS products
using ECDSA with SHA-3 can be generated using the openssl command line tool.
ok jsing
phessler [Sat, 27 Jan 2024 15:15:01 +0000 (15:15 +0000)]
firmware for qwx(4) devices
jsing [Sat, 27 Jan 2024 14:35:13 +0000 (14:35 +0000)]
Enable for TLSv1.3 now that shutdown behaviour matches the legacy stack.
jsing [Sat, 27 Jan 2024 14:34:28 +0000 (14:34 +0000)]
Rework tls13_legacy_shutdown() to match the legacy stack behaviour.
Respect the ssl->shutdown flags rather than what has actually happened,
return -1 for all EOF errors and completely ignore the return value when
attempting to read a close-notify from the wire.
ok tb@
jsing [Sat, 27 Jan 2024 14:31:01 +0000 (14:31 +0000)]
Make tls13_legacy_return_code() static.
jsing [Sat, 27 Jan 2024 14:23:51 +0000 (14:23 +0000)]
Add message callbacks for alerts in the TLSv1.3 stack.
This will make it easier to regress test shutdown behaviour in the TLSv1.3
stack. Additionally, `openssl -msg` now shows alerts for TLSv1.3
connections.
ok tb@
kettenis [Sat, 27 Jan 2024 12:23:03 +0000 (12:23 +0000)]
Add a few drivers to support Allwinner D1.
kettenis [Sat, 27 Jan 2024 12:05:40 +0000 (12:05 +0000)]
On Allwinner D1, the SBI call to schedule timer interrupts doesn't work.
Instead we have to use one of the timers integrated on the SoC that
triggers an external interrupt. Add the appropriate driver and change
the MD clock code to hook it up.
ok cheloha@, jca@
kettenis [Sat, 27 Jan 2024 11:22:16 +0000 (11:22 +0000)]
Add support for newer SoCs that store the data as number of days since the
Unix epoch instead of a calendar date.
ok jca@
martijn [Sat, 27 Jan 2024 09:53:59 +0000 (09:53 +0000)]
Implement an initial SMIv2 parser based around RFC257[89]. RFC2580 isn't
supported yet. SMIv1 is not supported. Parsing is done in a strict
manner, but except for the (deprecated) IPV6-TC MIB everything from
IETF/IANA that I found parses.
For now this code will be used for OID<->name translations, but other
functionality could be added in the future.
This commit just includes the parser, usage and including the MIB files
will be done in separate commits.
Go ahead from tb@
tb [Sat, 27 Jan 2024 07:28:28 +0000 (07:28 +0000)]
Allocate a fixed NID for the acmeIdentifier OID
ok job jsing
tb [Sat, 27 Jan 2024 07:27:41 +0000 (07:27 +0000)]
Add data for the RFC 8737 acmeIdentifier
This teaches the object database OID, long and short names for the
ACME identifier X.509v3 extension defined in RFC 8737.
ok job jsing
deraadt [Sat, 27 Jan 2024 00:12:34 +0000 (00:12 +0000)]
sync
jan [Fri, 26 Jan 2024 21:14:08 +0000 (21:14 +0000)]
Put checksum flags in bpf_hdr to use them in userland dhcpleased.
Thus, dhcpleased accepts non-calculated checksums which were verified by
hardware/hypervisor.
With tweaks from dlg@
ok bluhm@
mkay tobhe@
kettenis [Fri, 26 Jan 2024 19:23:03 +0000 (19:23 +0000)]
Fix panic messages.
kettenis [Fri, 26 Jan 2024 19:20:00 +0000 (19:20 +0000)]
Recognize the T-Head PLIC implementation.
ok jca@
deraadt [Fri, 26 Jan 2024 18:57:06 +0000 (18:57 +0000)]
partial sync
mvs [Fri, 26 Jan 2024 18:24:58 +0000 (18:24 +0000)]
regen
mvs [Fri, 26 Jan 2024 18:24:23 +0000 (18:24 +0000)]
Unlock listen(2). `somaxconn_local' and `sominconn_local' used
respectively to cache values as we do in other places.
ok bluhm
job [Fri, 26 Jan 2024 18:11:49 +0000 (18:11 +0000)]
Add a -V flag to bgplgd
OK claudio@
bluhm [Fri, 26 Jan 2024 18:09:24 +0000 (18:09 +0000)]
Skip test with 100000 file descriptors also on macppc.
It panics with malloc: out of space in kmem_map.
kettenis [Fri, 26 Jan 2024 17:50:00 +0000 (17:50 +0000)]
Initial clock support for Allwinner D1.
ok dlg@, mlarkin@
kettenis [Fri, 26 Jan 2024 17:11:50 +0000 (17:11 +0000)]
Add support for the Allwinner D1 USB PHY.
ok dlg@, jca@
kettenis [Fri, 26 Jan 2024 17:03:45 +0000 (17:03 +0000)]
Add Allwinner D1 support.
ok dlg@, jca@
kettenis [Fri, 26 Jan 2024 16:59:47 +0000 (16:59 +0000)]
Implement T-Head cache management operations which are needed to handle
the incoherent hardware design of SoCs like the Allwinner D1.
ok miod@, jca@
sthen [Fri, 26 Jan 2024 16:35:58 +0000 (16:35 +0000)]
remove /mnt/usr/include/c++/v1 before extracting sets, it changed from
a file to a dir with the libc++ update to 16. ok deraadt phessler
deraadt [Fri, 26 Jan 2024 15:11:18 +0000 (15:11 +0000)]
repair gratuitous difference for install command arguments, relative to all other architectures
job [Fri, 26 Jan 2024 11:58:36 +0000 (11:58 +0000)]
Add 'openssl x509 -new' functionality to the libcrypto CLI utility
The ability to generate a new certificate is useful for testing and
experimentation with rechaining PKIs.
While there, alias '-key' to '-signkey' for compatibility.
with and OK tb@
robert [Fri, 26 Jan 2024 11:51:45 +0000 (11:51 +0000)]
update libcxx, libcxxabi and libunwind to 16.0.6;
tested by and input from tb@; ok kettenis@
robert [Fri, 26 Jan 2024 11:49:45 +0000 (11:49 +0000)]
merge llvm libcxx 16.0.6
robert [Fri, 26 Jan 2024 11:47:53 +0000 (11:47 +0000)]
import of libcxx-16.0.6
robert [Fri, 26 Jan 2024 11:45:17 +0000 (11:45 +0000)]
merge llvm libcxxabi 16.0.6
robert [Fri, 26 Jan 2024 11:43:33 +0000 (11:43 +0000)]
import of libcxxabi 16.0.6
robert [Fri, 26 Jan 2024 11:41:32 +0000 (11:41 +0000)]
merge llvm libunwind 16.0.6
robert [Fri, 26 Jan 2024 11:39:01 +0000 (11:39 +0000)]
import of llvm libunwind 16.0.6
robert [Fri, 26 Jan 2024 11:36:31 +0000 (11:36 +0000)]
merge llvm compiler-rt 16.0.6
jsg [Fri, 26 Jan 2024 11:36:26 +0000 (11:36 +0000)]
remove stub printf from amdgpu_acpi_enumerate_xcc()
the loop that looks for AMD* hid objects remains disabled
robert [Fri, 26 Jan 2024 11:27:33 +0000 (11:27 +0000)]
import llvm compiler-rt 16.0.6
mpi [Thu, 25 Jan 2024 20:50:58 +0000 (20:50 +0000)]
Return 0 when accessing an argument not defined in a probe.
Adapted from a fix from Christian Ludwig.
stsp [Thu, 25 Jan 2024 17:00:20 +0000 (17:00 +0000)]
Make qwx(4) avoid sub-directories in firmware paths.
millert [Thu, 25 Jan 2024 16:40:51 +0000 (16:40 +0000)]
Update awk to the Jan 22, 2024 version.
tb [Thu, 25 Jan 2024 15:33:35 +0000 (15:33 +0000)]
Plug a few leaks and perform some other code hygiene
Closing this directory now until the daily Coverity run throws a hissy fit.
ok jsing
tb [Thu, 25 Jan 2024 15:09:22 +0000 (15:09 +0000)]
This table no longer needs to be sorted
tb [Thu, 25 Jan 2024 14:15:05 +0000 (14:15 +0000)]
p12_npas.c: hoist some helpers from the bottom to the top in reverse order
tb [Thu, 25 Jan 2024 14:09:26 +0000 (14:09 +0000)]
p12_npas.c: maclen -> mac_len
tb [Thu, 25 Jan 2024 14:08:30 +0000 (14:08 +0000)]
p12_npas.c: Use slightly less awkward variable names
tb [Thu, 25 Jan 2024 13:44:08 +0000 (13:44 +0000)]
Fix various NULL dereferences in PKCS #12
The PKCS #7 ContentInfo has a mandatory contentType, but the content itself
is OPTIONAL. Various unpacking API assumed presence of the content type is
enough to access members of the content, resulting in crashes.
Reported by Bahaa Naamneh on libressl-security, many thanks
ok jsing
tb [Thu, 25 Jan 2024 13:32:49 +0000 (13:32 +0000)]
Merge PKCS12_newpass() and newpass_p12()
With the previous refactoring, newpass_p12() became simple enough that it
doesn't require a separate function anymore. Merge the public API into it
and move it below (most of) the things it calls.
ok jsing
tb [Thu, 25 Jan 2024 12:22:31 +0000 (12:22 +0000)]
Ditch another noop from OPENSSL_cleanup()
tb [Thu, 25 Jan 2024 12:20:17 +0000 (12:20 +0000)]
Remove the custom X509v3 extensions stack
This is essentially unused. The only consumer, www/kore,-acme is in the
process of being fixed. It is also incomplete: in particular, the verifier
doesn't learn about extensions added to the list, making the entire
exercise rather pointless. So let's ditch that crap.
This was the last consumer of the horror that is OBJ_bsearch_().
The even worse OBJ_bsearch_ex_() is still being "used" by M2Crypto...
This prepares the removal of X509V3_EXT_{add{,_list,_alias},cleanup}()
and removes another piece of thread-unsafe global state.
ok jsing
claudio [Thu, 25 Jan 2024 11:13:35 +0000 (11:13 +0000)]
Use RFC7606 treat-as-withdraw for ORIGIN attributes with an invalid value.
OK tb@
tb [Thu, 25 Jan 2024 10:53:05 +0000 (10:53 +0000)]
Rename pkcs12_repack_safe() into pkcs12_repack_authsafes()
discussed with jsing
tb [Thu, 25 Jan 2024 10:44:39 +0000 (10:44 +0000)]
Rework newpass_p12() a bit more
Split the bottom half that repacks the authsafes into a helper function.
This simplifies the curly exit path and makes it clearer what is being
done. PKCS12_pack_authsafes() is a very inconvenient API and there are
some extra dances needed due to it.
ok jsing
stsp [Thu, 25 Jan 2024 10:11:04 +0000 (10:11 +0000)]
implement qwx_auth() which moves the device from SCAN into AUTH state
Port code from Linux to provide access point info to firmware and to
start up the firmware's virtual interface in station mode.
Sending frames does not work yet so we cannot actually connect anywhere.
stsp [Thu, 25 Jan 2024 10:07:47 +0000 (10:07 +0000)]
Process scan results in qwx(4) now that we are no longer crashing the kernel.
stsp [Thu, 25 Jan 2024 10:03:20 +0000 (10:03 +0000)]
Disable monitor status ring support in qwx(4).
The ring isn't needed to scan for APs. This ring's ext interrupt fires
continuously and we somehow end up with mbuf corruption which looks
like an mcl2k cluster overwrite (this bug is present even before the
changes added in my previous commit). Disable this code path for now
to work around the corruption, allowing work on this driver to proceed.
claudio [Thu, 25 Jan 2024 09:54:21 +0000 (09:54 +0000)]
Switch IMSG_CTL_SHOW_RIB_COMMUNITIES over to the new ibuf api.
Adjust fmt_ext_community() to take a uint64_t as argument instead of
passing a pointer.
OK tb@
stsp [Thu, 25 Jan 2024 09:51:33 +0000 (09:51 +0000)]
Port over some ath11k code to handle the qwx(4) monitor status ring.
These changes are incomplete. More work will be required to get this
ring working if it turns out to be needed. Hopefully it will only be
required for monitor mode.
claudio [Thu, 25 Jan 2024 09:46:12 +0000 (09:46 +0000)]
Convert most attributes in rde_attr_parse() to new ibuf API.
This skips ATTR_ASPATH and ATTR_AS4_PATH for now, those will follow soon.
Reshuffle checks a little bit. While ibuf_get does ensure that enough data
is available do a precise size check to ensure that only the expected amount
of data is available.
OK tb@