openbsd
miod [Thu, 27 Apr 2023 19:06:57 +0000 (19:06 +0000)]
Mark the fan speed sensor as invalid when it reports -1 RPM. This happens for
a short while after suspend.
ok deraadt@ kn@

miod [Thu, 27 Apr 2023 19:01:01 +0000 (19:01 +0000)]
Better pcic(4) description.

robert [Thu, 27 Apr 2023 18:21:44 +0000 (18:21 +0000)]
add support for I/O statistics so that tape speeds can be observed with
iostat(8)

jmc [Thu, 27 Apr 2023 17:18:40 +0000 (17:18 +0000)]
sort options;

caspar [Thu, 27 Apr 2023 17:04:17 +0000 (17:04 +0000)]
arm64 install.md: fix softraid crypto installation on Mac

Make sure we don't newfs the EFI Sys partition on systems that have an
"apfsisc" partition in the case we're installing with softraid crypto.

Debugged with help from and came up with a fix with kn@

"go ahead" kettenis@
"no objections" krw@
OK kn@

phessler [Thu, 27 Apr 2023 16:56:52 +0000 (16:56 +0000)]
RFC 9096 changes the default timers for prefix preferred and valid lifetimes,
so update rad(8) to the new ones.

OK florian@

schwarze [Thu, 27 Apr 2023 16:48:53 +0000 (16:48 +0000)]
tiny wording tweak from Ted Bullock to make misunderstandings less likely;
OK jmc@

claudio [Thu, 27 Apr 2023 16:28:18 +0000 (16:28 +0000)]
Implement -V as an alias to --version.
From Martin Cracauer
OK kn@

beck [Thu, 27 Apr 2023 16:12:08 +0000 (16:12 +0000)]
Convert size_t's used in conjunction with sk_X509_num back to int.

This lets the regress in x509/policy pass instead of infinite looping.

The changes are necessary because our sk_num() returns an int with
0 for empty and -1 for NULL, whereas BoringSSL's returns a size_t with
0 for both an empty stack and a NULL stack.

pair work with tb@
ok tb@ jsing@

schwarze [Thu, 27 Apr 2023 16:10:11 +0000 (16:10 +0000)]
various markup tweaks, no content change; OK jmc@

schwarze [Thu, 27 Apr 2023 15:44:36 +0000 (15:44 +0000)]
various minor content corrections and improvements;
feedback and OK jmc@ and Ted Bullock

kettenis [Thu, 27 Apr 2023 15:06:35 +0000 (15:06 +0000)]
Remove efi32 and efi64.  These are leftovers from a project that didn't go
very far and the presence of these directories just confuses people and
makes them do more work than necessary.

ok patrick@, kn@, mlarkin@

schwarze [Thu, 27 Apr 2023 14:44:33 +0000 (14:44 +0000)]
Also list the command constants not associated with any macros,
and point to their documentation.

mvs [Thu, 27 Apr 2023 14:41:09 +0000 (14:41 +0000)]
Remove kernel lock from rtfree(9).

Route timers and route labels are protected by corresponding mutexes. `ifa'
uses reference counting for protection. rt_mpls_clear() could be called
lockless because this is the last reference of `rt'.

ok bluhm@ kn@

krw [Thu, 27 Apr 2023 14:19:28 +0000 (14:19 +0000)]
Retire -E's "expert" mode. Introduced 23 years ago to avoid
confusing users with FFS attributes that only experts should
fiddle with. Actual use has withered away with functionality
rendered moot or moved elsewhere.

'-e' remains for the truly obscure corner cases.

Simply excise the code for now to see if hidden users/uses are
exposed.  Further simplifications are possible if no such
users/uses surface.

ok with sthen@ millert@ kn@ otto@

krw [Thu, 27 Apr 2023 13:52:58 +0000 (13:52 +0000)]
Temporarily work around double calls into vioscsi_req_done()
causing NULL de-reference.

Reported, initial patch and tests by Antun Matanovic. Thanks!

ok miod@

beck [Thu, 27 Apr 2023 13:26:57 +0000 (13:26 +0000)]
correct test cases to add expected errors.

robert [Thu, 27 Apr 2023 12:27:56 +0000 (12:27 +0000)]
revert cache lookup for full pathnames

beck [Thu, 27 Apr 2023 12:23:31 +0000 (12:23 +0000)]
Start of an x509 policy regress test. test cases from BoringSSL.

Still a work in progress adapting tests from boringssl x509_test.cc
but dropping in here for tb to be able to look at and run as well
since the new stuff still has bugs.

kn [Thu, 27 Apr 2023 12:10:30 +0000 (12:10 +0000)]
Remove net lock from DIOCGETTIMEOUT

'pfctl -s timeouts' values are only used inside of pf, entirely protected
by the pf lock through the ioctl interface;  the net lock is useless.

Previous attempts to remove net lock usage showed that the pf lock cannot
yet entirely replace it, so start with small pieces like this one.

Contrary to IPv4/6 read-only ioctls, some pf ioctls without FWRITE flag do
modify internal pf state, which is not entirely obvious when approached
from the ioctl layer.

OK sashan dlg

mvs [Thu, 27 Apr 2023 11:11:04 +0000 (11:11 +0000)]
Add `rttimer_mtx' to the locking description.

No functional changes.

tb [Thu, 27 Apr 2023 10:53:58 +0000 (10:53 +0000)]
tlsexttest: check additional logic in tlsext randomization

This verifies that we put PSK always last and that the Apache 2 special
does what it is supposed to do. There is also some weak validation of
the Fisher-Yates shuffle that will likely catch errors introduced in
tlsext_randomize_build_order()

kn [Thu, 27 Apr 2023 10:51:27 +0000 (10:51 +0000)]
zap APM_CANCEL, dead since import;  OK tb

tb [Thu, 27 Apr 2023 10:50:37 +0000 (10:50 +0000)]
ssl_tlsext.c: Add an accessor for the tls extension type.

Needed for the tlsexttest.c

ok jsing

tb [Thu, 27 Apr 2023 10:43:47 +0000 (10:43 +0000)]
Somehow I managed not to bump LIBRESSL_VERSION_NUMBER

reported by aja

kn [Thu, 27 Apr 2023 10:03:49 +0000 (10:03 +0000)]
Treat crypto disk like the root disk, both are boot disks

Choosing [W]hole on a GPT disk means it needs non-default `-b' fdisk(8)
to account for existing EFI Sys partitions, whether it modifies an existing
GPT (Apple APFS ISC) or writing a new one.

With 'Encrypt the root disk?' answered positively, the crypto disk instead of
the root disk becomes the boot disk.

Extend the logic to both crypto and root disk, really asking
"is this a boot disk?".

with caspar

tb [Thu, 27 Apr 2023 09:49:44 +0000 (09:49 +0000)]
EC_KEY_{get,insert}_key_method_data() are no longer available

tb [Thu, 27 Apr 2023 09:47:03 +0000 (09:47 +0000)]
One more reciprocal thing hid in here (yay for consistent naming)

tb [Thu, 27 Apr 2023 09:45:56 +0000 (09:45 +0000)]
Remove stale references to BN reciprocal stuff

tb [Thu, 27 Apr 2023 09:44:40 +0000 (09:44 +0000)]
sync

tb [Thu, 27 Apr 2023 09:43:55 +0000 (09:43 +0000)]
Remove documentation of reciprocal BN which is now internal only

tb [Thu, 27 Apr 2023 09:39:52 +0000 (09:39 +0000)]
Remove documentation of GF2m point stuff

tb [Thu, 27 Apr 2023 09:35:20 +0000 (09:35 +0000)]
EC_GROUP_new() Strip out complications due to binary curves.

tb [Thu, 27 Apr 2023 09:11:40 +0000 (09:11 +0000)]
Remove stale reference to BN_GF2m_add()

tb [Thu, 27 Apr 2023 09:08:48 +0000 (09:08 +0000)]
sync

tb [Thu, 27 Apr 2023 09:08:08 +0000 (09:08 +0000)]
Remove BN_GF2m_add.3

kettenis [Thu, 27 Apr 2023 09:03:06 +0000 (09:03 +0000)]
Add support for (one of) the PCIe controllers on the RK3588 SoC.  Since
MSIs don't work (yet) on this SoC, implement support for legacy interrupts
for the Rockchip SoCs.  Also drop the restrictions on the bus number range
as the device tree I'm using has bus numbers start at 64 for the controller
in question.

ok patrick@, dlg@

kettenis [Thu, 27 Apr 2023 09:00:03 +0000 (09:00 +0000)]
Fix config space access for the root bus of a dwpcie(4) controller when
the root bus number isn't zero.

ok patrick@, dlg@

kettenis [Thu, 27 Apr 2023 08:56:39 +0000 (08:56 +0000)]
Add RK3588 support.

ok patrick@, dlg@

kettenis [Thu, 27 Apr 2023 08:55:59 +0000 (08:55 +0000)]
Add some RK3588 PCIe related clocks.

Also add some RK3588 resets.  Whoever reviewed the bindings on Linux gave
the brilliant advice that clock IDs and reset IDs should not in any way
have a sane mapping to the hardware registers, even though that is the
case on all older Rockchip SoCs and greatly simplifies the driver.  So
now we need to implement pointless lookup code.

ok patrick@, dlg@

tb [Thu, 27 Apr 2023 08:47:04 +0000 (08:47 +0000)]
Remove mention of EC_GFp_nist_method and add back a .Pp that was
accidentally dropped

beck [Thu, 27 Apr 2023 08:37:53 +0000 (08:37 +0000)]
Make rpki-client choose the verification time of the time it is invoked
rather than always getting the current system time for every certificate
verification. This will result in output that is not variable on run-time.

ok tb@ claudio@

gerhard [Thu, 27 Apr 2023 08:33:59 +0000 (08:33 +0000)]
The ASIX AX88179A chipset does not work properly with the axen(4) driver.
For now switch it to cdce(4) until native support is provided by axen(4).

ok bentley@ stsp@

tb [Thu, 27 Apr 2023 08:07:26 +0000 (08:07 +0000)]
Remove braces around single line statements using knfmt -s

Pointed out by anton

tb [Thu, 27 Apr 2023 08:04:40 +0000 (08:04 +0000)]
Rework simple allocation and free functions in x509_policy.c

Use calloc() instead of malloc/memset and make free functions look the
same as elsewhere in the tree.

ok beck jsing

claudio [Thu, 27 Apr 2023 07:57:25 +0000 (07:57 +0000)]
Reimplement output-json.c using json.c from bgpctl.

Much rejoice from tb@ and job@
OK tb@

tb [Thu, 27 Apr 2023 07:22:22 +0000 (07:22 +0000)]
Remove dangling references to BN_get0_nist_prime_521(3)

tb [Thu, 27 Apr 2023 07:10:05 +0000 (07:10 +0000)]
Move EC_POINT_{get,set}_Jprojective_coordinates to ec_local.h

tb [Thu, 27 Apr 2023 07:04:23 +0000 (07:04 +0000)]
Nuke doxygen noise

tb [Thu, 27 Apr 2023 07:01:45 +0000 (07:01 +0000)]
Remove documentation of no longer supported EC methods

tb [Thu, 27 Apr 2023 06:57:10 +0000 (06:57 +0000)]
Remove NIST prime documentation

tb [Thu, 27 Apr 2023 06:55:19 +0000 (06:55 +0000)]
sync

tb [Thu, 27 Apr 2023 06:54:09 +0000 (06:54 +0000)]
Stop installing NIST prime documentation

tb [Thu, 27 Apr 2023 06:48:47 +0000 (06:48 +0000)]
Remove a useless doxygen comment

claudio [Thu, 27 Apr 2023 06:11:43 +0000 (06:11 +0000)]
Unbreak regress after yesterday's churn.
Friendly reminder from anton@

anton [Thu, 27 Apr 2023 05:42:44 +0000 (05:42 +0000)]
cope with recent vmm changes

jmc [Thu, 27 Apr 2023 05:41:11 +0000 (05:41 +0000)]
- list some missing pci entries. dlg noticed some missing ones, and miod
worked out what was missing
- remove commented out entry to non-existent en(4) driver
- remove all instances of .Tn

ok miod dlg

kevlo [Thu, 27 Apr 2023 03:28:34 +0000 (03:28 +0000)]
Fix logic error in rtwn_r92e_get_txpower().

The RTL8192EU is up to two stream TX/RX (so MCS0->15).

ok stsp@

kevlo [Thu, 27 Apr 2023 03:19:45 +0000 (03:19 +0000)]
Whitespace fix

deraadt [Thu, 27 Apr 2023 03:06:17 +0000 (03:06 +0000)]
sync

jsg [Thu, 27 Apr 2023 02:39:04 +0000 (02:39 +0000)]
drm/amd/display: set dcn315 lb bpp to 48

From Dmytro Laktyushkin
4ac57c3fe2c0a74c6239170fc58fc824637c6015 in linux-6.1.y/6.1.26
6d9240c46f7419aa3210353b5f52cc63da5a6440 in mainline linux

jsg [Thu, 27 Apr 2023 02:36:57 +0000 (02:36 +0000)]
drm/amdgpu: Fix desktop freezed after gpu-reset

From Alan Liu
bef774effb278ff0b65ea2dbaa1ab32ba6a1dc13 in linux-6.1.y/6.1.26
c8b5a95b570949536a2b75cd8fc4f1de0bc60629 in mainline linux

jsg [Thu, 27 Apr 2023 02:34:32 +0000 (02:34 +0000)]
drm/i915: Fix fast wake AUX sync len

From Ville Syrjala
66eb772be27e228716bb81feee0400d995cbe605 in linux-6.1.y/6.1.26
e1c71f8f918047ce822dc19b42ab1261ed259fd1 in mainline linux

jsg [Thu, 27 Apr 2023 02:32:24 +0000 (02:32 +0000)]
drm: buddy_allocator: Fix buddy allocator init on 32-bit systems

From David Gow
fb766acce3cf1c9637a79c1ffb3cebc61fd9d859 in linux-6.1.y/6.1.26
4453545b5b4c3eff941f69a5530f916d899db025 in mainline linux

kn [Wed, 26 Apr 2023 23:12:31 +0000 (23:12 +0000)]
Treat crypto disk like the root disk, both are boot disks

Choosing [W]hole on a GPT disk means it needs non-default `-b' fdisk(8)
to boot and preserve any existing BIOS boot partition.

With 'Encrypt the root disk?' answered positively, the crypto disk instead of
the root disk becomes the boot disk.

Extend the sanity check to both crypto and root disk, really asking
"is this a boot disk?".

This preserves existing boot partitions when using guided disk encryption.

kn [Wed, 26 Apr 2023 22:45:32 +0000 (22:45 +0000)]
Treat crypto disk like the root disk, both are boot disks

Choosing an existing OpenBSD partition on GPT during disk setup requires an
existing EFI Sys partition (the installer does not create it in this case).

With 'Encrypt the root disk?' answered positively, the crypto disk instead of
the root disk becomes the boot disk.

Extend the EFI Sys sanity check to both crypto and root disk, really asking
"is this a boot disk?".

jmc [Wed, 26 Apr 2023 22:34:30 +0000 (22:34 +0000)]
add viogpu(4); from diana eichert

deraadt [Wed, 26 Apr 2023 22:12:44 +0000 (22:12 +0000)]
On openbsd amd64, the compiler has been found to generate some nasty jump
table variations (calculate address into %rax, jmp %rax) which is not
compatible with IBT endbr64.  The specific generated code sequence was
found inside clang, which made the debugging experience pretty miserable.
So we will have to disable jump tables by default.
ok kettenis

tb [Wed, 26 Apr 2023 22:09:07 +0000 (22:09 +0000)]
Make x509_policy.c compile with gcc 4.

ok beck

job [Wed, 26 Apr 2023 22:05:36 +0000 (22:05 +0000)]
Add test for invalidation of DER cache for X509_CRL_* setter functions

The program won't exit with a non-zero exit code if X509_CRL_set_*
tests fail, as the relevant bits haven't been committed to libcrypto yet.

beck [Wed, 26 Apr 2023 22:05:28 +0000 (22:05 +0000)]
Add a -P option to rpki-client to specify the evaluation time

This is intended to be able to test rpki-client in a reproducible
way without worrying about the system time changing the results

ok claudio@

deraadt [Wed, 26 Apr 2023 22:04:58 +0000 (22:04 +0000)]
On openbsd amd64, emit IBT endbr64 instructions by default (meaning,
-fcf-protection=branch is the default).  All binaries grow slightly, but
we can slowly move towards greater IBT enforcement in userland.
4th or 5th variation of this diff, with mortimer
ok kettenis

patrick [Wed, 26 Apr 2023 21:37:46 +0000 (21:37 +0000)]
Fix phy_enable_prop_idx() to retrieve the property length with the passed
property name instead of "phys".

ok dlg@

tb [Wed, 26 Apr 2023 21:36:42 +0000 (21:36 +0000)]
Allow compiling with -DHAS_DAG to enable the policy check with a DAG.

ok beck

tb [Wed, 26 Apr 2023 21:35:22 +0000 (21:35 +0000)]
Turn C++ comments into C comments and minor KNF fixups

job [Wed, 26 Apr 2023 21:30:12 +0000 (21:30 +0000)]
Clean up X509 memory before exit

claudio [Wed, 26 Apr 2023 21:17:24 +0000 (21:17 +0000)]
Use < 0 for fprintf() error checking and not == -1.

tb [Wed, 26 Apr 2023 21:07:32 +0000 (21:07 +0000)]
KNF according to knfmt(1)

krw [Wed, 26 Apr 2023 20:59:32 +0000 (20:59 +0000)]
Don't rely on the disklabel defaults or a disktab entry's ba#/fa#
values for the block/fragment sizes that some install media need.
Hoist the desired values into the newfs(8) invocations to make it
obvious non-default values are required and what the values are.

No functional change.

tb [Wed, 26 Apr 2023 20:54:21 +0000 (20:54 +0000)]
Zap trailing whitespace

claudio [Wed, 26 Apr 2023 20:53:17 +0000 (20:53 +0000)]
Verify each fprintf call for success. On failure stop calling fprintf
and return -1 in json_do_finish().
tb@ thinks this is not too horrible

tb [Wed, 26 Apr 2023 20:52:11 +0000 (20:52 +0000)]
Add RCS tag

tb [Wed, 26 Apr 2023 20:43:32 +0000 (20:43 +0000)]
Take X509_POLICY_NODE_print() behind the barn

This used to be public API but is now only used for debug code that has
certainly never been used since it was released to the public. It drags
that debug nonsense with it.

ok beck

mvs [Wed, 26 Apr 2023 19:54:35 +0000 (19:54 +0000)]
Introduce `rtlabel_mtx' mutex(9) to protect route labels storage. This
time kernel and net locks are held in various combinations to protect it.
We don't want to put kernel lock to all the places. Netlock also can't
be used because rtfree(9) which calls rtlabel_unref() has unknown
netlock state within.

This new `rtlabel_mtx' mutex(9) protects `rt_labels' list and `label'
entry dereference. Since we don't export 'rt_label' structure, keep this
lock private to net/route.c. For this reason rtlabel_id2name() now
copies label string to externally passed buffer instead of returning
address of `rt_labels' list data. This is the way which rtlabel_id2sa()
already works.

ok bluhm@

beck [Wed, 26 Apr 2023 19:16:02 +0000 (19:16 +0000)]
Add the new policy code to the build.

ok tb@ jsing@

claudio [Wed, 26 Apr 2023 19:14:54 +0000 (19:14 +0000)]
Use fprintf instead of printf and pass the FILE handle in json_do_start().
OK tb@

jmc [Wed, 26 Apr 2023 19:12:48 +0000 (19:12 +0000)]
fix some Xr;

beck [Wed, 26 Apr 2023 19:11:32 +0000 (19:11 +0000)]
Make the new policy code in x509_policy.c to be selectable at compile time.

The old policy code remains the default, with the new policy code
selectable by defining LIBRESSL_HAS_POLICY_DAG.

ok tb@ jsing@

beck [Wed, 26 Apr 2023 19:08:10 +0000 (19:08 +0000)]
Add a shim to mimic the BoringSSL sk_delete_if function.

We add this locally as a function to avoid delving into
the unholy macro madness of STACK_OF(3).

ok tb@ jsing@

job [Wed, 26 Apr 2023 19:05:37 +0000 (19:05 +0000)]
Add lookup name+function pointer table for improved diagnostics

OK tb@

beck [Wed, 26 Apr 2023 19:05:11 +0000 (19:05 +0000)]
Adapt the sk_find calls from BoringSSL's api to ours.

ok tb@ jsing@

beck [Wed, 26 Apr 2023 19:03:46 +0000 (19:03 +0000)]
Add the STACK_OF declarations we require.

ok tb@ jsing@

beck [Wed, 26 Apr 2023 19:02:25 +0000 (19:02 +0000)]
Change OPENSSL_malloc|free|memset and friends to the normal versions.

ok tb@ jsing@

beck [Wed, 26 Apr 2023 19:00:57 +0000 (19:00 +0000)]
Fix error code goop

ok tb@ jsing@

beck [Wed, 26 Apr 2023 18:59:36 +0000 (18:59 +0000)]
Use the correct headers to compile with libressl

beck [Wed, 26 Apr 2023 18:56:52 +0000 (18:56 +0000)]
Import policy.c from BoringSSL as x509_policy.c

This is an implementation of the X509 policy processing using a
DAG instead of a tree to avoid the problem of exponential expansion
of the policy tree as specified in RFC 5280

For details see:
https://boringssl-review.googlesource.com/c/boringssl/+/55762

ok tb@ jsing@

schwarze [Wed, 26 Apr 2023 18:56:16 +0000 (18:56 +0000)]
New manual page written by Ted Bullock <tbullock at comlore dot com>,
to start working on it in the tree.

job [Wed, 26 Apr 2023 18:34:40 +0000 (18:34 +0000)]
In JSON/ASPA output, only print commas up to after the penultimate applicable provider

Reported by Ties de Kock

OK claudio@

tb [Wed, 26 Apr 2023 18:17:50 +0000 (18:17 +0000)]
Kill whitespace

claudio [Wed, 26 Apr 2023 18:14:28 +0000 (18:14 +0000)]
Add prototypes for geticmptypebyname() and geticmpcodebyname().
Needed for bison.