openbsd
18 months agoMake cttest work better with the portable test harness
tb [Fri, 14 Apr 2023 12:37:20 +0000 (12:37 +0000)]
Make cttest work better with the portable test harness

18 months agoFix cttest to use public header
tb [Fri, 14 Apr 2023 11:18:40 +0000 (11:18 +0000)]
Fix cttest to use public header

18 months agoRename the largely misnamed bn_print.c to bn_convert.c
jsing [Fri, 14 Apr 2023 11:10:11 +0000 (11:10 +0000)]
Rename the largely misnamed bn_print.c to bn_convert.c

This file primarily contains the various BN_bn2*() and BN_*2bn() functions
(along with BN_print() and BN_options()). More function shuffling will
follow.

Discussed with tb@

18 months agoProvide and use bn_copy_words() in BN_copy().
jsing [Fri, 14 Apr 2023 11:04:24 +0000 (11:04 +0000)]
Provide and use bn_copy_words() in BN_copy().

This is simpler than the current code, while still being well optimised by
compilers, across a range of architectures. In many cases we even get a
performance gain for the BN sizes that we primarily care about.

Joint work with tb@

18 months agoAdd support for truncated SHA512 variants.
jsing [Fri, 14 Apr 2023 10:45:15 +0000 (10:45 +0000)]
Add support for truncated SHA512 variants.

This adds support for SHA512/224 and SHA512/256, as specified in FIPS
FIPS 180-4. These are truncated versions of the SHA512 hash.

ok tb@

18 months agoProvide soon to be used crypto_store_htobe32().
jsing [Fri, 14 Apr 2023 10:42:51 +0000 (10:42 +0000)]
Provide soon to be used crypto_store_htobe32().

ok tb@

18 months agoUse memset() and only initialise non-zero struct members.
jsing [Fri, 14 Apr 2023 10:41:34 +0000 (10:41 +0000)]
Use memset() and only initialise non-zero struct members.

ok tb@

18 months agoFix double free in error path in openssl(1) x509
tb [Fri, 14 Apr 2023 06:47:07 +0000 (06:47 +0000)]
Fix double free in error path in openssl(1) x509

A conversion from X509_REQ_get_pubkey() to X509_REQ_get0_pubkey() missed
one free of pkey in an unlikely error path. After the conversion pkey is
no longer owned by us, so we mustn't free it.

ok jsing

18 months agoadd support for "rockchip,cryptov2-rng"
dlg [Fri, 14 Apr 2023 01:11:32 +0000 (01:11 +0000)]
add support for "rockchip,cryptov2-rng"

the steps to operate rockchip,cryptov2-rng are basically the same
as the existing rockchip,cryptov1-rng support, but the registers
and bits have moved around. add some abstraction for the register
differences and have the state machine call the different backends.

this is present on rk356x chips as the "True Random Number Generator
(TRNG)".

tested on a bunch of different rk3568 boards.
ok kettenis@

18 months agoA tab snuck in
tb [Fri, 14 Apr 2023 00:23:16 +0000 (00:23 +0000)]
A tab snuck in

18 months agoadd the "local experiments" ethertypes
dlg [Thu, 13 Apr 2023 23:02:12 +0000 (23:02 +0000)]
add the "local experiments" ethertypes

18 months agoAvoid an overflow in the ELF SYSV ABI hash function.
millert [Thu, 13 Apr 2023 19:57:30 +0000 (19:57 +0000)]
Avoid an overflow in the ELF SYSV ABI hash function.
The hash function is supposed to return a value less than or equal
to 0x0fffffff.  Due to a bug in the sample code supplied with the
ELF SYSV ABI documentation, the hash function can overflow on 64-bit
systems.  Apply the same fix used by GNU libc, MUSL libc and FreeBSD.
Prompted by https://maskray.me/blog/2023-04-12-elf-hash-function
OK tb@ miod@

18 months agoSprinkle UL suffix to constant literals which don't fit in int. NFCI
miod [Thu, 13 Apr 2023 19:39:50 +0000 (19:39 +0000)]
Sprinkle UL suffix to constant literals which don't fit in int. NFCI

18 months agoCatch up with box drawing characters which have been standardized in unicode
miod [Thu, 13 Apr 2023 18:29:35 +0000 (18:29 +0000)]
Catch up with box drawing characters which have been standardized in unicode
after the original wscons code was written and chose placeholder values.

From NetBSD (wsemul_vt100_chars.c r1.8 and r1.14) via Crystal Kolipe, thanks!

18 months agoUse ANSI-style functions for Base64 wrappers
tb [Thu, 13 Apr 2023 18:20:21 +0000 (18:20 +0000)]
Use ANSI-style functions for Base64 wrappers

Silences a few -Wdeprecated-non-prototype warnings emitted by clang 15.

ok bluhm miod

18 months agoCheck whether products listed on a manifest were issued by the same authority as...
job [Thu, 13 Apr 2023 17:04:02 +0000 (17:04 +0000)]
Check whether products listed on a manifest were issued by the same authority as the manifest itself

OK tb@

18 months agoSimplify how IMSG_CTL_SHOW_RIB_COMMUNITIES is constructed. This can just
claudio [Thu, 13 Apr 2023 15:51:16 +0000 (15:51 +0000)]
Simplify how IMSG_CTL_SHOW_RIB_COMMUNITIES is constructed. This can just
call imsg_compose() and be done with it.
OK tb@

18 months agoGrammar fixes in comments.
miod [Thu, 13 Apr 2023 15:36:28 +0000 (15:36 +0000)]
Grammar fixes in comments.

18 months agopmap_copy() has never, ever, been implemented in any of the platforms OpenBSD
miod [Thu, 13 Apr 2023 15:23:21 +0000 (15:23 +0000)]
pmap_copy() has never, ever, been implemented in any of the platforms OpenBSD
ever ran on, and it's unlikely to ever be implemented, so remove it.
ok jsg@

18 months agoThe NBs have been duly noted and ignored. Drop them.
tb [Thu, 13 Apr 2023 15:18:29 +0000 (15:18 +0000)]
The NBs have been duly noted and ignored. Drop them.

18 months agoZap trailing whitespace
tb [Thu, 13 Apr 2023 15:15:43 +0000 (15:15 +0000)]
Zap trailing whitespace

18 months agoRemove intentionally undocumented pci_{io,mem}_find and convert their last
miod [Thu, 13 Apr 2023 15:07:42 +0000 (15:07 +0000)]
Remove intentionally undocumented pci_{io,mem}_find and convert their last
few users to pci_mapreg_info().

ok jsg@

18 months agoMove USRSTACK to the end of userland address space.
miod [Thu, 13 Apr 2023 15:05:19 +0000 (15:05 +0000)]
Move USRSTACK to the end of userland address space.

18 months agoRemove files that definitely contain no code anymore
tb [Thu, 13 Apr 2023 15:04:19 +0000 (15:04 +0000)]
Remove files that definitely contain no code anymore
(experts disagree whether they ever did)

18 months agoDrop now useless files from the Makefile
tb [Thu, 13 Apr 2023 15:01:18 +0000 (15:01 +0000)]
Drop now useless files from the Makefile

18 months agoFold ECDSA sign and verify mess into ecs_ossl.c
tb [Thu, 13 Apr 2023 15:00:24 +0000 (15:00 +0000)]
Fold ECDSA sign and verify mess into ecs_ossl.c

discussed with jsing

18 months agoMove RSA_generate_key() from rsa_depr.c to rsa_gen.c
tb [Thu, 13 Apr 2023 14:59:13 +0000 (14:59 +0000)]
Move RSA_generate_key() from rsa_depr.c to rsa_gen.c

Discussed with jsing

18 months agoMove DSA_generate_parameters() from dsa_depr.c to dsa_gen.c
tb [Thu, 13 Apr 2023 14:58:27 +0000 (14:58 +0000)]
Move DSA_generate_parameters() from dsa_depr.c to dsa_gen.c

Discussed with jsing

18 months agoMove DH_generate_parameters() from dh_depr.c to dh_gen.c
tb [Thu, 13 Apr 2023 14:57:00 +0000 (14:57 +0000)]
Move DH_generate_parameters() from dh_depr.c to dh_gen.c

discussed with jsing

18 months agoSort commands alphabetically both in the tables and manpage.
claudio [Thu, 13 Apr 2023 11:52:43 +0000 (11:52 +0000)]
Sort commands alphabetically both in the tables and manpage.
OK tb@

18 months agoFix compilation on sparc64.
mbuhl [Thu, 13 Apr 2023 11:32:06 +0000 (11:32 +0000)]
Fix compilation on sparc64.

18 months agozap leftover lines from previous
kn [Thu, 13 Apr 2023 10:23:21 +0000 (10:23 +0000)]
zap leftover lines from previous

18 months agoec_lib.c: fix a few NULL misspellings
tb [Thu, 13 Apr 2023 07:44:12 +0000 (07:44 +0000)]
ec_lib.c: fix a few NULL misspellings

18 months agoFix various early return issues spotted by coverity
tb [Thu, 13 Apr 2023 06:48:18 +0000 (06:48 +0000)]
Fix various early return issues spotted by coverity

A large mechanical diff led to sloppy review and gave coverity an
opportunity to be right for once. First time in a good many weeks.

same diff/ok jsing

18 months agoectest: missing error checking
tb [Thu, 13 Apr 2023 05:25:30 +0000 (05:25 +0000)]
ectest: missing error checking

CID 452228

18 months agoremove duplicate includes
jsg [Thu, 13 Apr 2023 02:19:04 +0000 (02:19 +0000)]
remove duplicate includes
ok deraadt@ miod@ krw@

18 months agobgpctl network bulk requires now the specification of 'add' or 'delete'.
claudio [Wed, 12 Apr 2023 17:19:16 +0000 (17:19 +0000)]
bgpctl network bulk requires now the specification of 'add' or 'delete'.
In the add case the extra attributes can be specified afterwards.
This makes the parser behave cleaner since 'add' and 'delete' are removed
from the attribute set table.
OK tb@

18 months agoPull MP-safe arprequest() out of kernel lock
kn [Wed, 12 Apr 2023 16:14:42 +0000 (16:14 +0000)]
Pull MP-safe arprequest() out of kernel lock

Defer sending after unlock, reuse `refresh' from similar construct.

OK bluhm

18 months agoregen
kettenis [Wed, 12 Apr 2023 15:56:33 +0000 (15:56 +0000)]
regen

18 months agoAdd BCM4388.
kettenis [Wed, 12 Apr 2023 15:56:08 +0000 (15:56 +0000)]
Add BCM4388.

ok patrick@, deraadt@

18 months agocorrect the entry for chilepeso; from jan stary
jmc [Wed, 12 Apr 2023 15:26:26 +0000 (15:26 +0000)]
correct the entry for chilepeso; from jan stary

18 months agoremove duplicate signal.h include
jsg [Wed, 12 Apr 2023 14:22:04 +0000 (14:22 +0000)]
remove duplicate signal.h include

18 months agoSimplify code by folding uuid_attr() into PRT_protected_uuid().
krw [Wed, 12 Apr 2023 13:11:37 +0000 (13:11 +0000)]
Simplify code by folding uuid_attr() into PRT_protected_uuid().

No functional change.

18 months agoClarify logic in PRT_uuid_to_menudflt() by using find_gpt_menuitem().
krw [Wed, 12 Apr 2023 12:35:30 +0000 (12:35 +0000)]
Clarify logic in PRT_uuid_to_menudflt() by using find_gpt_menuitem().

No functional change.

18 months agoregen
kettenis [Wed, 12 Apr 2023 10:12:42 +0000 (10:12 +0000)]
regen

18 months agoAdd PCI IDs for the 2nd generation Aquantio 10G NICs.
kettenis [Wed, 12 Apr 2023 10:12:14 +0000 (10:12 +0000)]
Add PCI IDs for the 2nd generation Aquantio 10G NICs.

ok mlarkin@

18 months agoremove duplicate lines
jsg [Wed, 12 Apr 2023 09:55:22 +0000 (09:55 +0000)]
remove duplicate lines

18 months agoAdd test for multiprotocol announce statements
claudio [Wed, 12 Apr 2023 09:09:41 +0000 (09:09 +0000)]
Add test for multiprotocol announce statements

18 months agoremove duplicate lines
jsg [Wed, 12 Apr 2023 09:07:42 +0000 (09:07 +0000)]
remove duplicate lines

18 months agofix double words
jsg [Wed, 12 Apr 2023 08:53:54 +0000 (08:53 +0000)]
fix double words
ok dtucker@

18 months agoFix 24bit maximum/mask in manpage. Noticed by wangqr on github.
claudio [Wed, 12 Apr 2023 08:32:27 +0000 (08:32 +0000)]
Fix 24bit maximum/mask in manpage. Noticed by wangqr on github.

18 months agoRemove now unused sha_local.h.
jsing [Wed, 12 Apr 2023 05:16:08 +0000 (05:16 +0000)]
Remove now unused sha_local.h.

18 months agoProvide and use crypto_ro{l,r}_u{32,64}().
jsing [Wed, 12 Apr 2023 04:54:15 +0000 (04:54 +0000)]
Provide and use crypto_ro{l,r}_u{32,64}().

Various code in libcrypto needs bitwise rotation - rather than defining
different versions across the code base, provide a common set that can
be reused. Any sensible compiler optimises these to a single instruction
where the architecture supports it, which means we can ditch the inline
assembly.

On the chance that we need to provide a platform specific versions, this
follows the approach used in BN where a MD crypto_arch.h header could be
added in the future, which would then provide more specific versions of
these functions.

ok tb@

18 months agoProvide and use crypto_store_htobe64().
jsing [Wed, 12 Apr 2023 04:40:39 +0000 (04:40 +0000)]
Provide and use crypto_store_htobe64().

It is common to need to store data in a specific endianness - rather than
handrolling and deduplicating code to do this, provide a
crypto_store_htobe64() function that converts from host endian to big
endian, before storing the data to a location with unknown alignment.

ok tb@

18 months agoAlign printing of geofeed records in filemode
job [Wed, 12 Apr 2023 03:53:40 +0000 (03:53 +0000)]
Align printing of geofeed records in filemode

18 months agoremove unused buffer selection code
jsg [Wed, 12 Apr 2023 02:20:07 +0000 (02:20 +0000)]
remove unused buffer selection code
ok visa@

18 months agoAbstract find_[gpt|mbr]_menuitem() to simplify code and
krw [Tue, 11 Apr 2023 21:14:19 +0000 (21:14 +0000)]
Abstract find_[gpt|mbr]_menuitem() to simplify code and
prepare for future uses.

No functional change.

18 months agoHandle BN_CTX at the EC API boundary.
jsing [Tue, 11 Apr 2023 18:58:20 +0000 (18:58 +0000)]
Handle BN_CTX at the EC API boundary.

The EC API allows callers to optionally pass in a BN_CTX, which means that
any code needing a BN_CTX has to check if one was provided, allocate one if
not, then free it again. Rather than doing this dance throughout the EC
code, handle the BN_CTX existance at the EC API boundary. This means that
lower level implementation code can simply assume that the BN_CTX is
available.

ok tb@

18 months agoClean up unused BIGNUM.
jsing [Tue, 11 Apr 2023 18:53:20 +0000 (18:53 +0000)]
Clean up unused BIGNUM.

18 months agoSimplify code by passing pointers to the appropriate type to
krw [Tue, 11 Apr 2023 17:26:59 +0000 (17:26 +0000)]
Simplify code by passing pointers to the appropriate type to
find_gpt_desc() and find_mbr_desc().

No functional change.

18 months agoDocument the RETURN VALUES of BIO_method_type(3) and BIO_method_name(3)
schwarze [Tue, 11 Apr 2023 16:58:43 +0000 (16:58 +0000)]
Document the RETURN VALUES of BIO_method_type(3) and BIO_method_name(3)
for the various BIO types.

18 months agoShuffle mbr and gpt function prototypes and declarations together.
krw [Tue, 11 Apr 2023 16:34:51 +0000 (16:34 +0000)]
Shuffle mbr and gpt function prototypes and declarations together.

No functional change.

18 months agoRecommit jsing's r1.27 - portable is ready
tb [Tue, 11 Apr 2023 15:38:55 +0000 (15:38 +0000)]
Recommit jsing's r1.27 - portable is ready

Use htobe64() instead of testing BYTE_ORDER and then handrolling htobe64().

Thanks to tobhe for providing most of the fix via openiked-portable

18 months agoWhile all the BIO_TYPE_* constants are part of the API, most of their
schwarze [Tue, 11 Apr 2023 15:35:31 +0000 (15:35 +0000)]
While all the BIO_TYPE_* constants are part of the API, most of their
values are only part of the ABI and not of the API, so delete them
from the SYNOPSIS: application programmers must not rely on the
specific values.

Instead of listing the specific values, properly describe the meaning
of all these constants.

However, the values of BIO_TYPE_NONE and BIO_TYPE_START are hard-coded
into the API and application programmers need to be aware of their
values, so those remain in the SYNOPSIS.

18 months agobe more forceful in pointing people to bulk(8) and proot(1).
espie [Tue, 11 Apr 2023 15:02:56 +0000 (15:02 +0000)]
be more forceful in pointing people to bulk(8) and proot(1).

18 months agoBack out r1.27 using htobe64() - apparently some OS don't have it.
tb [Tue, 11 Apr 2023 13:03:03 +0000 (13:03 +0000)]
Back out r1.27 using htobe64() - apparently some OS don't have it.

ok jsing

18 months agogive people a chance to find bulk(8) from proot(1)
espie [Tue, 11 Apr 2023 11:23:09 +0000 (11:23 +0000)]
give people a chance to find bulk(8) from proot(1)

18 months agoConsolidate sha1 into a single file.
jsing [Tue, 11 Apr 2023 10:41:10 +0000 (10:41 +0000)]
Consolidate sha1 into a single file.

18 months agoConsolidate sha1 into a single file.
jsing [Tue, 11 Apr 2023 10:39:50 +0000 (10:39 +0000)]
Consolidate sha1 into a single file.

18 months agoSimplify handling of big vs little endian.
jsing [Tue, 11 Apr 2023 10:35:21 +0000 (10:35 +0000)]
Simplify handling of big vs little endian.

Rather than sprinkling BYTE_ORDER checks throughout the implementation,
always define PULL64 - on big endian platforms it just becomes a no-op.

ok tb@

18 months agoUse htobe64() instead of testing BYTE_ORDER and then handrolling htobe64().
jsing [Tue, 11 Apr 2023 10:32:21 +0000 (10:32 +0000)]
Use htobe64() instead of testing BYTE_ORDER and then handrolling htobe64().

ok tb@

18 months agoOmit sha512_block_data_order() prototype when assembly is not being used.
jsing [Tue, 11 Apr 2023 10:26:29 +0000 (10:26 +0000)]
Omit sha512_block_data_order() prototype when assembly is not being used.

In the case that the pure C implementation of SHA512 is being used, the
prototype is unnecessary as the function is declared static and exists
in dependency order. Simply omit the prototype rather than using #ifndef
to toggle the static prefix.

ok tb@

18 months agoRemove less than useful implementation notes.
jsing [Tue, 11 Apr 2023 10:21:02 +0000 (10:21 +0000)]
Remove less than useful implementation notes.

ok tb@

18 months agobn_mod_sqrt: remove no longer necessary complications due to the
tb [Tue, 11 Apr 2023 10:10:52 +0000 (10:10 +0000)]
bn_mod_sqrt: remove no longer necessary complications due to the
non-deterministic nature of the old implementation.

18 months agoAdd a new implementation of BN_mod_sqrt()
tb [Tue, 11 Apr 2023 10:08:44 +0000 (10:08 +0000)]
Add a new implementation of BN_mod_sqrt()

This is a reimplementation from scratch of the Tonelli-Shanks algorithm
based on Henri Cohen "A Course in Computational Algebraic Number Theory",
Springer GTM 138, section 1.5.1. It is API compatible with the previous
implementation, so no documentation change is required.

Contrary to the old implementation, this does not have any infinite loops
and has various additional sanity checks to prevent misbehavior in case
the input modulus is not a prime. It contains extensive comments and the
individual parts of the algorithm are split into digestible chunks instead
of having one huge function.

One difference of note is that it BN_mod_sqrt() now always returns the
smaller of the two possible answers. In other words, while its core is
non-deterministic, its answer is not.

ok jsing

18 months agoCorrect benchmark result computation on 32 bit platforms.
jsing [Tue, 11 Apr 2023 05:53:53 +0000 (05:53 +0000)]
Correct benchmark result computation on 32 bit platforms.

18 months agoNuke unused function prototype.
mglocker [Tue, 11 Apr 2023 04:45:11 +0000 (04:45 +0000)]
Nuke unused function prototype.
Only acknowledge interrupts when one was active.

ok kettenis@

18 months agofix double words in comments
jsg [Tue, 11 Apr 2023 00:45:06 +0000 (00:45 +0000)]
fix double words in comments
feedback and ok jmc@ miod, ok millert@

18 months agoadd missing write of SAB_DAFO
jsg [Mon, 10 Apr 2023 23:18:08 +0000 (23:18 +0000)]
add missing write of SAB_DAFO
ok miod@ who tested on Ultra 5

18 months agoSome more cleanup in bn_to_string
tb [Mon, 10 Apr 2023 21:00:16 +0000 (21:00 +0000)]
Some more cleanup in bn_to_string

18 months agoDrop BN_NO_DEPRECATED dance from bn_test
tb [Mon, 10 Apr 2023 20:59:33 +0000 (20:59 +0000)]
Drop BN_NO_DEPRECATED dance from bn_test

18 months agoMake GPT display of menu hex octet the same as the MBR display.
krw [Mon, 10 Apr 2023 19:44:43 +0000 (19:44 +0000)]
Make GPT display of menu hex octet the same as the MBR display.
i.e.  two digits.

18 months agoProvide benchmarks for BN_copy()
jsing [Mon, 10 Apr 2023 19:02:30 +0000 (19:02 +0000)]
Provide benchmarks for BN_copy()

18 months agoFix indentation of structs and unions in x509v3.h
tb [Mon, 10 Apr 2023 16:46:00 +0000 (16:46 +0000)]
Fix indentation of structs and unions in x509v3.h

No change according to diff -w

18 months agoEnable caps lock LED on modern Apple laptop keyboards.
tobhe [Mon, 10 Apr 2023 15:14:04 +0000 (15:14 +0000)]
Enable caps lock LED on modern Apple laptop keyboards.

ok kettenis@ patrick@

18 months agoMake bn_to_string() static
tb [Mon, 10 Apr 2023 14:10:26 +0000 (14:10 +0000)]
Make bn_to_string() static

This function is no longer used directly by regress, so it can now be local
to this file.

18 months agobn_to_string no longer needs to be linked statically
tb [Mon, 10 Apr 2023 13:57:57 +0000 (13:57 +0000)]
bn_to_string no longer needs to be linked statically

18 months agoRework the bn_to_string() to use public API
tb [Mon, 10 Apr 2023 13:57:32 +0000 (13:57 +0000)]
Rework the bn_to_string() to use public API

We can use the undocumented functions {i2s,s2i}_ASN1_INTEGER(3) to
exercise bn_to_string(). This way we use public API and remove the
need of linking statically.

18 months agoVarious wording tweaks for clarity and precision, and a few for conciseness.
schwarze [Mon, 10 Apr 2023 13:40:16 +0000 (13:40 +0000)]
Various wording tweaks for clarity and precision, and a few for conciseness.
OK jmc@ and Ted Bullock

18 months agoMore deduplication: talk about environment variable in one place, not two.
schwarze [Mon, 10 Apr 2023 13:32:29 +0000 (13:32 +0000)]
More deduplication: talk about environment variable in one place, not two.
Clarify that the variables only affect the event_base structure currently
being created.  They do not disable "library support" as a whole.
Sort the variables alphabetically.

OK jmc@ and Ted Bullock

18 months agofix 'in in'
jsg [Mon, 10 Apr 2023 12:57:15 +0000 (12:57 +0000)]
fix 'in in'

18 months agofix setting parity bits
jsg [Mon, 10 Apr 2023 12:11:22 +0000 (12:11 +0000)]
fix setting parity bits
ok mglocker@

18 months agospelling
jsg [Mon, 10 Apr 2023 04:21:19 +0000 (04:21 +0000)]
spelling

18 months agoTreat symlinks better in $ORIGIN determination in ld.so
gnezdo [Sun, 9 Apr 2023 23:41:47 +0000 (23:41 +0000)]
Treat symlinks better in $ORIGIN determination in ld.so

Now symlinking an executable away from the rest of its installation
tree no longer prevents it from finding the libraries. This matches
the behavior of other OS linkers. Prompted by a behavior change in
lang/ghc test suite.

Swapped the order of dirname/realpath in _dl_origin_path.

Added some regress tests that pass and then bin3 that fails without
this change and reflects the behavior needd for lang/ghc.

Suggestion by semarie@, OK deraadt@

18 months agoSo clang 13 miscompiles dev/usb/umass_scsi.c with the combination if -Oz
kettenis [Sun, 9 Apr 2023 19:48:37 +0000 (19:48 +0000)]
So clang 13 miscompiles dev/usb/umass_scsi.c with the combination if -Oz
and -mbranch-protection=bti.  So turn off the BTI protection in ramdisk
kernels for now.

ok deraadt@, miod@, phessler@

18 months agoMove a few functions out of OPENSSL_NO_DEPRECATED
tb [Sun, 9 Apr 2023 19:10:23 +0000 (19:10 +0000)]
Move a few functions out of OPENSSL_NO_DEPRECATED

Geoff Thorpe added OPENSSL_NO_DEPRECATED nearly two decades ago. The hope
was that at some point some functions can be dropped. Most of the functions
marked deprecated are actually unused nowadays but unfortunately some of
them are still used in the ecosystem. Move them out of OPENSSL_NO_DEPRECATED
so we can define it without breaking the consumers in the next bump.

ERR_remove_state() is still used by a dozen or so ports. This isn't a big
deal since it is just a stupid wrapper for the not quite as deprecated
ERR_remove_thread_state(). It's not worth patching these ports.

Annoyingly, {DH,DSA}_generate_parameters() and RSA_generate_key() are still
used. They "make use" of the old-style BN_GENCB callback, which is therefore
more difficult to remove - in case you don't know know: that's the thing
responsible for printing pretty '.', '+' and '*' when you generate keys.

Most annoyingly, DH_generate_parameters() was added to rust-openssl in 2020
for "advanced DH support". This is very unfortunate since cargo bundles a
rust-openssl and updates it only every few years or so. As a consequence
we're going to be stuck with this nonsense for a good while.

ok beck jsing

18 months agoRemove some doubled empty lines
tb [Sun, 9 Apr 2023 18:38:59 +0000 (18:38 +0000)]
Remove some doubled empty lines

18 months agoRemove X9.31 support from openssl(1)
tb [Sun, 9 Apr 2023 18:33:26 +0000 (18:33 +0000)]
Remove X9.31 support from openssl(1)

The X9.31 standard has long been retired and deprecated and libcrypto will
drop support for it soon. This prepares userland.

ok jsing

18 months agoDrop X9.31 support from libtls
tb [Sun, 9 Apr 2023 18:26:26 +0000 (18:26 +0000)]
Drop X9.31 support from libtls

The TLS signer isn't exposed in public API (we should finally fix it...)
and it supports X9.31, a standard that has been retired and deprecated for
a very long time. libcrypto will stop supporting it soon, this step is
needed to prepare userland.

ok jsing

18 months agodon't attach temperature sensors for which there is no TMP# node in
jcs [Sun, 9 Apr 2023 17:50:02 +0000 (17:50 +0000)]
don't attach temperature sensors for which there is no TMP# node in
the DSDT, and verify the result of the fetch when updating it later.

ok kn