openbsd
20 months agoStop trying to use EC_GFp_nist_method().
jsing [Wed, 8 Mar 2023 05:35:51 +0000 (05:35 +0000)]
Stop trying to use EC_GFp_nist_method().

Currently, if compiled without OPENSSL_BN_ASM_MONT,
EC_GROUP_new_curve_GFp() tries to use EC_GFp_nist_method(), falling back to
EC_GFp_mont_method() if it is not a NIST curve (if OPENSSL_BN_ASM_MONT is
defined we use EC_GFp_mont_method() unconditionally).

Now that we have a reasonable non-assembly Montgomery implementation, the
performance of EC_GFp_nist_method() is either similar or slower than
EC_GFp_mont_method() (the exception being P-521, however if you're using
that you're not doing it for performance reasons anyway).

The EC_GFp_nist_method() uses rather scary BN NIST code (which would
probably already be removed, if not for the BN and EC public APIs), it uses
code paths that are currently less constant time, and there is additional
overhead in checking to see if the curve is actually supported.

Stop trying to use EC_GFp_nist_method() and unconditionally use
EC_GFp_mont_method() in all cases. While here, factor out the common
setup code and call it from both EC_GROUP_new_curve_GFp() and
EC_GROUP_new_curve_GF2m().

ok beck@ tb@

20 months agossh-pkcs11: synchronize error messages with errors
tb [Wed, 8 Mar 2023 05:33:53 +0000 (05:33 +0000)]
ssh-pkcs11: synchronize error messages with errors

A handful of error messages contained incorrect function names or
otherwise inaccurate descriptions. Fix them to match reality.

input/ok djm

20 months agoRemove acceptable audit.
jsing [Wed, 8 Mar 2023 05:17:33 +0000 (05:17 +0000)]
Remove acceptable audit.

This code would need changes to be safe to use concurrently - remove it
since it is somewhat incomplete and needs reworking.

Requested by tb@

20 months agoRemove EC_FLAGS_DEFAULT_OCT.
jsing [Wed, 8 Mar 2023 04:50:27 +0000 (04:50 +0000)]
Remove EC_FLAGS_DEFAULT_OCT.

The EC code has an amazing array of function pointer hooks, such that a
method can hook into almost any operation... and then there is the
EC_FLAGS_DEFAULT_OCT flag, which adds a bunch of complex code and #ifdef
so you can avoid setting three of those function pointers!

Remove EC_FLAGS_DEFAULT_OCT, the now unused flags field from EC_METHOD,
along with the various code that was wrapped in EC_FLAGS_DEFAULT_OCT,
setting the three function pointers that need to be set in each of the
EC_METHODs.

ok beck@ tb@

20 months agoDelete obsolete /* ARGSUSED */ lint comments.
guenther [Wed, 8 Mar 2023 04:43:04 +0000 (04:43 +0000)]
Delete obsolete /* ARGSUSED */ lint comments.

ok miod@ millert@

20 months agouse RSA/SHA256 when testing usability of private key in agent;
djm [Wed, 8 Mar 2023 00:05:58 +0000 (00:05 +0000)]
use RSA/SHA256 when testing usability of private key in agent;
with/ok dtucker

20 months agouse RSA/SHA256 when testing usability of private key;
djm [Wed, 8 Mar 2023 00:05:37 +0000 (00:05 +0000)]
use RSA/SHA256 when testing usability of private key;
based on fix in bz3546 by Dmitry Belyavskiy; with/ok dtucker

20 months agorefactor to be more readable top to bottom. Prompted by Coverity CID
djm [Tue, 7 Mar 2023 21:47:42 +0000 (21:47 +0000)]
refactor to be more readable top to bottom. Prompted by Coverity CID
405048 which was a false-positive fd leak; ok dtucker@

20 months agoAvoid enabling TSO on interfaces which are already attached to a bridge.
jan [Tue, 7 Mar 2023 20:09:47 +0000 (20:09 +0000)]
Avoid enabling TSO on interfaces which are already attached to a bridge.

with tweaks from claudio and deraadt

ok claudio, bluhm

20 months agoDelete obsolete /* ARGSUSED1 */ lint comments.
guenther [Tue, 7 Mar 2023 17:43:59 +0000 (17:43 +0000)]
Delete obsolete /* ARGSUSED1 */ lint comments.

ok claudio@ cheloha@ krw@ deraadt@ miod@ millert@

20 months agoUse "installboot -p"; tested by/OK miod
kn [Tue, 7 Mar 2023 17:37:26 +0000 (17:37 +0000)]
Use "installboot -p"; tested by/OK miod

20 months agoInitial support for guided disk encryption
kn [Tue, 7 Mar 2023 17:29:42 +0000 (17:29 +0000)]
Initial support for guided disk encryption

One new question to cover the most common use case, such that manual setup
in (S)hell or '!' prior to install is no longer required:

    Encrypt the root disk? (disk, 'no' or '?' for details) [no] ?

    Create a passphrase protected CRYPTO softraid volume to be used as root disk.

    Available disks are: sd0.
    Encrypt the root disk? (disk, 'no' or '?' for details) [no]

Use of keydisk or different disciplines are not covered.
Only asked in interactive installations;  no autoinstall(8) or upgrades.
Only reachable on i386, amd64, sparc64 and riscv64 for now (arm64 WIP).

Tested by cheloha naddy and a few users
Feedback from cheloha deraadt claudio
OK cheloha
"get it in now" deraadt

20 months agoNuke pointless 'pb#N:ob#0:' lines from floppy
krw [Tue, 7 Mar 2023 16:41:08 +0000 (16:41 +0000)]
Nuke pointless 'pb#N:ob#0:' lines from floppy
types.

ok miod@

20 months agoImprove decoded content printing in filemode
job [Tue, 7 Mar 2023 14:49:32 +0000 (14:49 +0000)]
Improve decoded content printing in filemode

Looks reasonable claudio@

20 months agorestore tags for commands lost in r1.112 restructuring; OK jmc
kn [Tue, 7 Mar 2023 10:58:39 +0000 (10:58 +0000)]
restore tags for commands lost in r1.112 restructuring; OK jmc

20 months agoRemove pre-c99 gcc workaround which is no longer needed.
claudio [Tue, 7 Mar 2023 10:30:38 +0000 (10:30 +0000)]
Remove pre-c99 gcc workaround which is no longer needed.

20 months agoAdd some minimal initialization code for rk356x such that the kernel
kettenis [Tue, 7 Mar 2023 10:24:11 +0000 (10:24 +0000)]
Add some minimal initialization code for rk356x such that the kernel
doesn't hang.

ok millert@, dlg@

20 months agoImprove bn_montgomery_multiply_words().
jsing [Tue, 7 Mar 2023 09:42:09 +0000 (09:42 +0000)]
Improve bn_montgomery_multiply_words().

Rather than calling bn_mul_add_words() twice - once to multiply and once
to reduce - perform the multiplication and reduction in a single pass using
bn_mulw_addw_addw() directly. Also simplify the addition of the resulting
carries, which in turn allows us to avoid zeroing the top half of the
temporary words.

This provides a ~20-25% performance improvement for RSA operations on
aarch64.

ok tb@

20 months agoSlightly rework bn_mulw_addtw().
jsing [Tue, 7 Mar 2023 09:35:55 +0000 (09:35 +0000)]
Slightly rework bn_mulw_addtw().

Call bn_mulw_addw() rather than doing bn_mulw() follow by bn_addw(). This
simplifies the code slightly, plus on some platforms bn_mulw_addw() can
be optimised (and bn_mulw_addtw() will then benefit from such an
optimisation).

ok tb@

20 months agoCall BN_free() instead of BN_clear_free().
jsing [Tue, 7 Mar 2023 09:27:10 +0000 (09:27 +0000)]
Call BN_free() instead of BN_clear_free().

BN_clear_free() is a wrapper that calls BN_free() - call BN_free() directly
instead.

ok tb@

20 months agompls gateway clarification; from claudio
jmc [Tue, 7 Mar 2023 07:54:59 +0000 (07:54 +0000)]
mpls gateway clarification; from claudio

20 months agoFix another return value check for CMS_SharedInfo_encode()
tb [Tue, 7 Mar 2023 07:01:35 +0000 (07:01 +0000)]
Fix another return value check for CMS_SharedInfo_encode()

This should have been included in a previous diff/commit...

20 months agoLimit bn_mul_mont() usage to sizes less than or equal to 8192 bits.
jsing [Tue, 7 Mar 2023 06:28:36 +0000 (06:28 +0000)]
Limit bn_mul_mont() usage to sizes less than or equal to 8192 bits.

The assembly bn_mul_mont() implementations effectively use alloca() to
allocate space for computation (at up to 8x the input size), without
any limitation. This means that sufficiently large inputs lead to the
stack being blown. Prevent this by using the C based implementation
instead.

Thanks to Jiayi Lin <jlin139 at asu dot edu> for reporting this to us.

ok beck@ tb@

20 months agoImplement bn_montgomery_multiply()
jsing [Tue, 7 Mar 2023 06:19:44 +0000 (06:19 +0000)]
Implement bn_montgomery_multiply()

Provide a constant-time-style Montgomery multiplication implementation.
Use this in place of the assembly bn_mul_mont() on platforms that either
do not have an assembly implementation or have not compiled it in.

Also use this as the fallback version for bn_mul_mont(), rather than
falling back to a non-constant time implementation.

ok beck@ tb@

20 months agoRefactor BN_mod_mul_montgomery().
jsing [Tue, 7 Mar 2023 06:15:09 +0000 (06:15 +0000)]
Refactor BN_mod_mul_montgomery().

Pull out the simplistic implementation (using BN_mul() or BN_sqr()) into a
bn_mod_mul_montgomery_simple() function. Provide bn_mod_mul_montgomery()
with an implementation that changes depending on if the assembly
bn_mul_mont() is available or not. Turn BN_mod_mul_montgomery() and
BN_to_montgomery() into callers of bn_mod_mul_montgomery().

ok beck@ tb@

20 months agoMake order of pub_key and priv_key the same everywhere
tb [Tue, 7 Mar 2023 06:15:07 +0000 (06:15 +0000)]
Make order of pub_key and priv_key the same everywhere

20 months agoFix OpenSSL version in HISTORY section
tb [Tue, 7 Mar 2023 06:12:27 +0000 (06:12 +0000)]
Fix OpenSSL version in HISTORY section

20 months agoFix mem leak in environment setup. From jjelen at redhat.com via
dtucker [Tue, 7 Mar 2023 06:09:14 +0000 (06:09 +0000)]
Fix mem leak in environment setup.  From jjelen at redhat.com via
bz#2687, ok djm@

20 months agoDelete unused and unsafe bn_mul_mont() example code.
jsing [Tue, 7 Mar 2023 06:05:06 +0000 (06:05 +0000)]
Delete unused and unsafe bn_mul_mont() example code.

This came from bn_asm.c and did not even compile until recently.

ok beck@ tb@

20 months agoFix comment for bn_mul2_mulw_addtw()
jsing [Tue, 7 Mar 2023 05:57:01 +0000 (05:57 +0000)]
Fix comment for bn_mul2_mulw_addtw()

20 months agoMove EC_GFp_simple_method() to the bottom of the file.
jsing [Tue, 7 Mar 2023 05:54:40 +0000 (05:54 +0000)]
Move EC_GFp_simple_method() to the bottom of the file.

Most of the implemeentation functions for EC_GFp_simple_method() are reused
by other code, hence they cannot be made static. However, this keeps the
pattern consistent.

ok tb@

20 months agoBasic cleanup in asn1pars.c
tb [Tue, 7 Mar 2023 05:53:17 +0000 (05:53 +0000)]
Basic cleanup in asn1pars.c

Drop extra parentheses, unwrap some lines, compare pointers against NULL.

20 months agoUse static functions for EC_GF2m_simple_method() implementation.
jsing [Tue, 7 Mar 2023 05:50:59 +0000 (05:50 +0000)]
Use static functions for EC_GF2m_simple_method() implementation.

Move the EC_METHOD to the bottom of the file, which allows implementation
functions to become static. Remove unneeded prototypes.

ok tb@

20 months agoUse static functions for EC_GFp_nist_method() implementation.
jsing [Tue, 7 Mar 2023 05:45:14 +0000 (05:45 +0000)]
Use static functions for EC_GFp_nist_method() implementation.

Move the EC_METHOD to the bottom of the file, which allows implementation
functions to become static. Remove unneeded prototypes.

ok tb@

20 months agoUse static functions for EC_GFp_mont_method() implementation.
jsing [Tue, 7 Mar 2023 05:41:18 +0000 (05:41 +0000)]
Use static functions for EC_GFp_mont_method() implementation.

Move the EC_METHOD to the bottom of the file, which allows all
implementation functions to become static. Remove unneeded prototypes.

ok tb@

20 months agofix memory leak in process_read() path; Spotted by James Robinson
djm [Tue, 7 Mar 2023 05:37:26 +0000 (05:37 +0000)]
fix memory leak in process_read() path; Spotted by James Robinson
in GHPR363; ok markus@

20 months agoFix formatting of comments.
jsing [Tue, 7 Mar 2023 05:35:13 +0000 (05:35 +0000)]
Fix formatting of comments.

20 months agoConsolidate clear code for EC_GFp_mont_method.
jsing [Tue, 7 Mar 2023 05:28:12 +0000 (05:28 +0000)]
Consolidate clear code for EC_GFp_mont_method.

Use a fang dangled thing (known as a function) to avoid duplicating the
same code in five places.

ok tb@

20 months agocorrect size for array argument when changing UMAC_OUTPUT_LEN
djm [Tue, 7 Mar 2023 01:30:52 +0000 (01:30 +0000)]
correct size for array argument when changing UMAC_OUTPUT_LEN
Coverity CID 291845; ok dtucker@

20 months agoDelete extraneous trailing blank line.
krw [Mon, 6 Mar 2023 21:16:50 +0000 (21:16 +0000)]
Delete extraneous trailing blank line.

20 months agoEnforce X509v3 SKIs to be the SHA-1 hash of the Subject Public Key
job [Mon, 6 Mar 2023 21:00:41 +0000 (21:00 +0000)]
Enforce X509v3 SKIs to be the SHA-1 hash of the Subject Public Key

In the RPKI-context (RFC 6487 section 4.8.2), SKIs are not at all
arbitary identifiers: they must be the SHA-1 hash of the
'Subject Public Key'. Add a SPK digest calculation and comparison
to the X509v3 extension containing the SKI.

OK tb@

20 months agoCorrectly account the number of bytes processed when outputting UTF-8 encoded
miod [Mon, 6 Mar 2023 20:34:35 +0000 (20:34 +0000)]
Correctly account the number of bytes processed when outputting UTF-8 encoded
characters.

20 months agoFor conciseness sake' remove non-optional items in references in STANDARDS
job [Mon, 6 Mar 2023 19:20:34 +0000 (19:20 +0000)]
For conciseness sake' remove non-optional items in references in STANDARDS

Discussed with deraadt@ tb@ claudio@

20 months agoClean up ndef_{prefix,suffix}_free()
tb [Mon, 6 Mar 2023 19:10:14 +0000 (19:10 +0000)]
Clean up ndef_{prefix,suffix}_free()

These functions are rather similar, so there's no need for the code to
be wildly different. Add a missing NULL check to ndef_prefix_free() since
that will be needed in a subsequent commit.

ok jsing

20 months agoRemove pointless ":ob#0:pb#0:[tb=swap:]" disktab lines.
krw [Mon, 6 Mar 2023 18:12:47 +0000 (18:12 +0000)]
Remove pointless ":ob#0:pb#0:[tb=swap:]" disktab lines.

ok miod@

20 months agoUse GPT_UUID_NBSD_UFS, not GPT_UUID_FBSD_DATA, for NetBSD GPT
krw [Mon, 6 Mar 2023 17:42:39 +0000 (17:42 +0000)]
Use GPT_UUID_NBSD_UFS, not GPT_UUID_FBSD_DATA, for NetBSD GPT
partition entries.

Add GPT_UUID_LEGACY_MBR entry to list of known partition id's as
it is defined in the UEFI Standard.

20 months agoDefine a few more attributes for the sake of the readattr subcommand;
miod [Mon, 6 Mar 2023 17:39:54 +0000 (17:39 +0000)]
Define a few more attributes for the sake of the readattr subcommand;
curated and contributed by Brian Conway, thanks!

20 months agoIn iskmemdev(), do not check for the minor of /dev/io. It has been
miod [Mon, 6 Mar 2023 17:20:05 +0000 (17:20 +0000)]
In iskmemdev(), do not check for the minor of /dev/io. It has been
deprecated more than 25 years ago and removed more than 20.
From Crystal Kolipe, thanks!

20 months agoReplace old'n'wrong UTF-8 logic with a better one borrowed from Citrus;
miod [Mon, 6 Mar 2023 17:14:44 +0000 (17:14 +0000)]
Replace old'n'wrong UTF-8 logic with a better one borrowed from Citrus;
issue reported by Crystal Kolipe on tech@

20 months agoEnsure .cer and .crl outside-TBS signatures are sha256WithRSAEncryption
job [Mon, 6 Mar 2023 16:58:41 +0000 (16:58 +0000)]
Ensure .cer and .crl outside-TBS signatures are sha256WithRSAEncryption

Note: there is a potential for confusion in RFC 7935, the specification
differentiates between 2 contexts: "in the certificate" and "CMS SignedData".

In the CMS context, either rsaEncryption or sha256WithRSAEncryption can
appear (and both *do* appear in the wild).

However, RFC 7935 section 2 fourth paragraph starting with "In certificates,
CRLs, ..." mandates that sha256WithRSAEncryption is used to sign .cer and
.crl files:

    "The Object Identifier (OID) sha256WithRSAEncryption from RFC4055 MUST
    be used in these products."

The above requirement matches observations on existing RPKI deployments.

OK tb@

20 months agospelling
deraadt [Mon, 6 Mar 2023 16:17:17 +0000 (16:17 +0000)]
spelling

20 months agoAdd check for RSA key pair modulus & public exponent
job [Mon, 6 Mar 2023 16:04:52 +0000 (16:04 +0000)]
Add check for RSA key pair modulus & public exponent

Both the SPKI inside a CA's .cer TBS section and Signers wrapped in CMS
must be RSA, with mod 2048 & (e) 0x10001

OK tb@

20 months agoFix URL to RFC
job [Mon, 6 Mar 2023 15:50:33 +0000 (15:50 +0000)]
Fix URL to RFC

20 months agoRename struct ${app}_config to plain cfg
tb [Mon, 6 Mar 2023 14:32:05 +0000 (14:32 +0000)]
Rename struct ${app}_config to plain cfg

All the structs are static and we need to reach into them many times.
Having a shorter name is more concise and results in less visual clutter.
It also avoids many overlong lines and we will be able to get rid of some
unfortunate line wrapping down the road.

Discussed with jsing

20 months agotweak examples/iked.conf bits a little further following comments by
sthen [Mon, 6 Mar 2023 13:57:45 +0000 (13:57 +0000)]
tweak examples/iked.conf bits a little further following comments by
aisha@ and Crystal Kolipe, ok aisha@ tobhe@

20 months agoDocument ECDSA_SIG_get0_{r,s}()
tb [Mon, 6 Mar 2023 13:34:53 +0000 (13:34 +0000)]
Document ECDSA_SIG_get0_{r,s}()

20 months agoDocument DH_get0_* for individual DH members.
tb [Mon, 6 Mar 2023 13:25:46 +0000 (13:25 +0000)]
Document DH_get0_* for individual DH members.

20 months agoUse nitems() of source and destination partition arrays
krw [Mon, 6 Mar 2023 13:24:40 +0000 (13:24 +0000)]
Use nitems() of source and destination partition arrays
rather than assuming they are the same size. Zero
destination entries when no source partition available.

No intentional functional change.

20 months agoDocument DSA_get0_* for individual DSA members
tb [Mon, 6 Mar 2023 13:18:38 +0000 (13:18 +0000)]
Document DSA_get0_* for individual DSA members

20 months agoDocument RSA_get0_* for individual RSA members.
tb [Mon, 6 Mar 2023 13:05:32 +0000 (13:05 +0000)]
Document RSA_get0_* for individual RSA members.

Loosely based on OpenSSL commit 6692ff77.

Prodded by job

20 months agoUnit test for kex_proposal_populate_entries.
dtucker [Mon, 6 Mar 2023 12:15:47 +0000 (12:15 +0000)]
Unit test for kex_proposal_populate_entries.

20 months agoRefactor creation of KEX proposal.
dtucker [Mon, 6 Mar 2023 12:14:48 +0000 (12:14 +0000)]
Refactor creation of KEX proposal.

This adds kex_proposal_populate_entries (and corresponding free) which
populates the KEX proposal array with dynamically allocated strings.
This replaces the previous mix of static and dynamic that has been the
source of previous leaks and bugs.  Remove unused compat functions.
With & ok djm@.

20 months agoRework asn1_item_flags_i2d()
tb [Mon, 6 Mar 2023 12:00:27 +0000 (12:00 +0000)]
Rework asn1_item_flags_i2d()

Flip the logic of NULL checks on out and *out to unindent, use calloc()
instead of malloc() and check on assign. Also drop the newly added len2
again, it isn't needed.

ok jsing

20 months agoSwitch all iwx(4) devices to -77 firmware images.
stsp [Mon, 6 Mar 2023 11:53:24 +0000 (11:53 +0000)]
Switch all iwx(4) devices to -77 firmware images.

New firmware versions address some security issues, as outlined here:
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00621.html
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00699.html

Firmware has been available in fw_update for some time so systems which
track -current should already have the new -77 images.

Tested:
ax200: jmc, hrvoje, stsp
ax201: Mikhail, Sven Wolf, stsp
ax210: lraab, stsp
ax211: Mikhail, dv

20 months agoMake iwx(4) get the primary channel number from AP beacon info, rather
stsp [Mon, 6 Mar 2023 11:42:11 +0000 (11:42 +0000)]
Make iwx(4) get the primary channel number from AP beacon info, rather
than assuming that it always matches our currently configured channel.
Should prevent problems on 40/80Mhz channels if there is a mismatch.

20 months agofix previous: only ignore request to delete key while doing crypto in hardware
stsp [Mon, 6 Mar 2023 11:37:14 +0000 (11:37 +0000)]
fix previous: only ignore request to delete key while doing crypto in hardware

20 months agoAvoid trying to remove keys if the station is not active in iwx firmware.
stsp [Mon, 6 Mar 2023 11:33:57 +0000 (11:33 +0000)]
Avoid trying to remove keys if the station is not active in iwx firmware.

Fixes a firmware panic I encountered while working on firmware upgrades.

20 months agoignore iwx DATA_PATH group notification 0xf8
stsp [Mon, 6 Mar 2023 11:30:46 +0000 (11:30 +0000)]
ignore iwx DATA_PATH group notification 0xf8

Undocumented and ignored by the Linux driver, too.
Apparently only used by the Windows driver.
Confirmed by Johannes Berg.

20 months agoalways provide a subset of STA info in the MAC context command
stsp [Mon, 6 Mar 2023 11:28:01 +0000 (11:28 +0000)]
always provide a subset of STA info in the MAC context command

We used to provide beacon-related information only once our station was
associated. New firmware wants to see this information earlier, when are
about to send an AUTH frame. Otherwise SYSASSERT 0x2000011A is raised.

Problem diagnosed with help from Johannes Berg, thanks!

20 months agofix iwx session protection event duration
stsp [Mon, 6 Mar 2023 11:21:24 +0000 (11:21 +0000)]
fix iwx session protection event duration

Firmware expects time in TU units.
Use 900 TU for the session protection timeout, like the linux driver does.

verified with Johannes Berg from Linux/Intel, thanks for the support!

20 months agosupport the new iwx SCD_QUEUE_CONFIG command
stsp [Mon, 6 Mar 2023 11:18:37 +0000 (11:18 +0000)]
support the new iwx SCD_QUEUE_CONFIG command

Required for adding/removing Tx queues on new firmware versions.

Semantics have changed yet again. Good old iwm(4) required manual
removal of related Tx queues when a station is removed from firmware.
At some point iwx(4) firmware removed this requirement and demanded
that queue removal would be done implicitly by firmware instead.
And now the firmware engineers at Intel have again changed their
minds about this, and explicit queue removal is required again.
It is sad that we are being driven through such a marathon of changes
just in order to pick up some firmware security fixes...

20 months agoadd support for the iwx BAID allocation config command
stsp [Mon, 6 Mar 2023 11:08:56 +0000 (11:08 +0000)]
add support for the iwx BAID allocation config command

This command is required to set up Rx aggregation on new firmware.

20 months agoimplement support for iwx PHY context cmd version 4
stsp [Mon, 6 Mar 2023 11:03:29 +0000 (11:03 +0000)]
implement support for iwx PHY context cmd version 4

20 months agosupport the new IWX_STA_MAC_DATA_API_S_VER_2 API
stsp [Mon, 6 Mar 2023 11:00:41 +0000 (11:00 +0000)]
support the new IWX_STA_MAC_DATA_API_S_VER_2 API

MAC context command fields which firmware has been ignoring since the iwm
hardware generation have been repurposed for information related to 11ax.
Just set these fields to zero. Firmware -71 and up will panic otherwise.

20 months agoadd support for the iwx RLC config command
stsp [Mon, 6 Mar 2023 10:52:16 +0000 (10:52 +0000)]
add support for the iwx RLC config command

New firmware wants to be told about MIMO antenna configuration via
a separate command, rather than via the good old PHY context command.

20 months agosupport iwx rate_n_flags API version 2 and delete fixed Tx rate support
stsp [Mon, 6 Mar 2023 10:48:05 +0000 (10:48 +0000)]
support iwx rate_n_flags API version 2 and delete fixed Tx rate support

As of this commit iwx will ignore 'ifconfig media' commands where the
user-specified Tx rate resolves to something other than 'autoselect'.
The existing support for forcing a Tx rate was already only partially
working in 11n and 11ac modes. I doubt anyone had a serious use case for
this. If you really need to force a specific Tx rate for data frames
sent by iwx then hack the driver instead of using 'ifconfig media'.

The firmware interface was designed for Tx rate selection in firmware.
Maintaining support for overriding the Tx rate with ifconfig in face of
complicated firmware interface changes such as this rate_n_flags change
is just not worth it.  While trying to keep forced Tx rates working on top
of the new rate_n_flags format I accidentally broke the Tx rate used for
managment frames during regular operation, which caused much frustration.

20 months agochange current iwx rate_n_flag field names to indicate this is API version 1
stsp [Mon, 6 Mar 2023 10:31:58 +0000 (10:31 +0000)]
change current iwx rate_n_flag field names to indicate this is API version 1

also add some missing bits found in the Linux driver while here

20 months agoadd support for iwx TLC config command v4
stsp [Mon, 6 Mar 2023 10:28:04 +0000 (10:28 +0000)]
add support for iwx TLC config command v4

20 months agoadd support for iwx firmware alive response version 6
stsp [Mon, 6 Mar 2023 10:24:15 +0000 (10:24 +0000)]
add support for iwx firmware alive response version 6

20 months agorecognize more iwx ucode TLV sections which are present in newer fw images
stsp [Mon, 6 Mar 2023 10:16:16 +0000 (10:16 +0000)]
recognize more iwx ucode TLV sections which are present in newer fw images

20 months agoFix comment
job [Mon, 6 Mar 2023 09:14:29 +0000 (09:14 +0000)]
Fix comment

20 months agoFix some return checks in ecdh_cms_encrypt()
tb [Mon, 6 Mar 2023 08:37:24 +0000 (08:37 +0000)]
Fix some return checks in ecdh_cms_encrypt()

i2d functions return <= 0 on error, so check for that instead of == 0.

The issue with CMS_SharedInfo_encode() was found by Niels Dossche.
OpenSSL review overlooked that they had turned penclen into a size_t.

In principle the issue with i2d_X509_ALGOR() is purely cosmetic. Why do
a strange check when there is an idiomatic check? Then again this is CMS...

ok jsing

20 months agoFix incorrect RSA_public_decrypt() return check
tb [Mon, 6 Mar 2023 08:31:34 +0000 (08:31 +0000)]
Fix incorrect RSA_public_decrypt() return check

RSA_public_decrypt() returns <= 0 on error. Assigning to a size_t and
checking for == 0 is not the right thing to do here. Neither is blindly
turning the check into <= 0...

Found by Niels Dossche

ok jsing

20 months agoASN.1 enc: check ASN1_item_ex_i2d() consistency
tb [Mon, 6 Mar 2023 08:08:31 +0000 (08:08 +0000)]
ASN.1 enc: check ASN1_item_ex_i2d() consistency

The i2d API design is: call a function first with a pointer to NULL, get
the length, allocate a buffer, call the function passing the buffer in.
Both calls should be checked since ther are still internal allocations.

At the heart of ASN.1 encoding, this idiom is used and the second call
is assumed to succeed after the length was determined. This is far from
guaranteed. Check that the second call returns the same length and error
otherwise.

ok jsing

20 months agowhack the *phy entries in SEE ALSO: it was becoming unwieldy, and they are
jmc [Mon, 6 Mar 2023 06:56:49 +0000 (06:56 +0000)]
whack the *phy entries in SEE ALSO: it was becoming unwieldy, and they are
already listed in SYNOPSIS;

while here, rework the ifconfig sentence into something simpler, tweaked
by jsg to mention the "media" keyword;

ok jsg

20 months agosync
deraadt [Mon, 6 Mar 2023 06:49:16 +0000 (06:49 +0000)]
sync

20 months agodrm/amd/display: Properly reuse completion structure
jsg [Mon, 6 Mar 2023 02:40:58 +0000 (02:40 +0000)]
drm/amd/display: Properly reuse completion structure

From Stylon Wang
118ad80d27d938868299ef184f7483b21f011f0b in linux-6.1.y/6.1.15
0cf8307adbc6beb5ff3b8a76afedc6e4e0b536a9 in mainline linux

20 months agodrm/amd/display: Fix race condition in DPIA AUX transfer
jsg [Mon, 6 Mar 2023 02:38:01 +0000 (02:38 +0000)]
drm/amd/display: Fix race condition in DPIA AUX transfer

From Stylon Wang
075e2099c32cf4486b27266d2aecf61e95499ea4 in linux-6.1.y/6.1.15
ead08b95fa50f40618c72b93a849c4ae30c9cd50 in mainline linux

20 months agodrm/amd/display: Move DCN314 DOMAIN power control to DMCUB
jsg [Mon, 6 Mar 2023 02:34:53 +0000 (02:34 +0000)]
drm/amd/display: Move DCN314 DOMAIN power control to DMCUB

From Nicholas Kazlauskas
4da108082a3290804ebbd42d70ce8535c00e4637 in linux-6.1.y/6.1.15
e383b12709e32d6494c948422070c2464b637e44 in mainline linux

20 months agoFix clean process shutdown by storing env globally like vmd and httpd do
tobhe [Sun, 5 Mar 2023 22:17:22 +0000 (22:17 +0000)]
Fix clean process shutdown by storing env globally like vmd and httpd do
instead of getting it from p_ps.  The old approach does not work anymore
after the recent fork + exec update.

ok patrick@

20 months agoActually, LANG only set the default.
ajacoutot [Sun, 5 Mar 2023 18:55:34 +0000 (18:55 +0000)]
Actually, LANG only set the default.

from guenther@

20 months agoRemove #ifndef OPENSSL_EC_NISTP_64_GCC_128.
jsing [Sun, 5 Mar 2023 16:31:01 +0000 (16:31 +0000)]
Remove #ifndef OPENSSL_EC_NISTP_64_GCC_128.

This was presumably intended to be OPENSSL_NO_EC_NISTP_64_GCC_128, however
generic code has ended up inside the ifdef (and none of the NISTP code
or prototypes now remain).

20 months agoarm64 needs -DBOOT_STTY as well.
kettenis [Sun, 5 Mar 2023 16:21:52 +0000 (16:21 +0000)]
arm64 needs -DBOOT_STTY as well.

ok miod@

20 months agoRemove ec_GFp_nistp.* prototypes.
jsing [Sun, 5 Mar 2023 16:11:36 +0000 (16:11 +0000)]
Remove ec_GFp_nistp.* prototypes.

This code has been deleted, however the prototypes managed to hang around.

20 months agoRemove duplicate function prototypes.
jsing [Sun, 5 Mar 2023 16:06:14 +0000 (16:06 +0000)]
Remove duplicate function prototypes.

20 months agoMask off IPL flags before storing the IPL for an interrupt.
patrick [Sun, 5 Mar 2023 14:45:07 +0000 (14:45 +0000)]
Mask off IPL flags before storing the IPL for an interrupt.

ok kettenis@ jmatthew@

20 months agoopenssl: make all config structs static
tb [Sun, 5 Mar 2023 13:12:53 +0000 (13:12 +0000)]
openssl: make all config structs static

These are per-app, so per-file. Most of them already are static, adjust
the rest of them.

20 months agoopenssl/cms: zap some trailing whitespace
tb [Sun, 5 Mar 2023 13:08:22 +0000 (13:08 +0000)]
openssl/cms: zap some trailing whitespace

20 months agoknock out double .Pp;
jmc [Sun, 5 Mar 2023 12:56:41 +0000 (12:56 +0000)]
knock out double .Pp;

20 months agooops, overridden has two d's; apologies ajacoutot for not spotting that.
jmc [Sun, 5 Mar 2023 12:55:36 +0000 (12:55 +0000)]
oops, overridden has two d's; apologies ajacoutot for not spotting that.