jsg [Tue, 13 Jun 2023 03:15:33 +0000 (03:15 +0000)]
drm/amdgpu/gfx: disable gfx9 cp_ecc_error_irq only when enabling legacy gfx ras
From Guchun Chen
f661ad53658a1ea35c004af1f5fbe25c4d1cdb08 in linux-6.1.y/6.1.29
4a76680311330aefe5074bed8f06afa354b85c48 in mainline linux
jsg [Tue, 13 Jun 2023 03:13:20 +0000 (03:13 +0000)]
drm/amdgpu: fix amdgpu_irq_put call trace in gmc_v11_0_hw_fini
From Horatio Zhang
02e6cb9b3aeffc6b0e3955f6e0346293e2415cbc in linux-6.1.y/6.1.29
13af556104fa93b1945c70bbf8a0a62cd2c92879 in mainline linux
jsg [Tue, 13 Jun 2023 03:11:26 +0000 (03:11 +0000)]
drm/amdgpu: fix an amdgpu_irq_put() issue in gmc_v9_0_hw_fini()
From Hamza Mahfooz
59cb2d46e177894c3554a25a3358b72d4bee31d3 in linux-6.1.y/6.1.29
922a76ba31adf84e72bc947267385be420c689ee in mainline linux
jsg [Tue, 13 Jun 2023 03:09:53 +0000 (03:09 +0000)]
drm/amdgpu: fix amdgpu_irq_put call trace in gmc_v10_0_hw_fini
From Horatio Zhang
59e2439111ac2bd24ea0cecf5825cf06684b2c6c in linux-6.1.y/6.1.29
08c677cb0b436a96a836792bb35a8ec5de4999c2 in mainline linux
jsg [Tue, 13 Jun 2023 03:07:52 +0000 (03:07 +0000)]
drm/amd/display: fix flickering caused by S/G mode
From Hamza Mahfooz
f2e43c98042c607376479484ea8f98d3452868f5 in linux-6.1.y/6.1.29
08da182175db4c7f80850354849d95f2670e8cd9 in mainline linux
jsg [Tue, 13 Jun 2023 03:05:48 +0000 (03:05 +0000)]
drm/amd/display: filter out invalid bits in pipe_fuses
From Samson Tam
4c1e747ca61c6103bcc259ad7f2fc6d53acff291 in linux-6.1.y/6.1.29
682439fffad9fa9a38d37dd1b1318e9374232213 in mainline linux
jsg [Tue, 13 Jun 2023 03:04:00 +0000 (03:04 +0000)]
drm/amd/display: Fix 4to1 MPC black screen with DPP RCO
From Nicholas Kazlauskas
c2b2641ecb9aed1613976a2abf56292e206e3694 in linux-6.1.y/6.1.29
bf224e00a9f54e2bf14b4d720a09c3d2f4aa4aa8 in mainline linux
jsg [Tue, 13 Jun 2023 03:01:44 +0000 (03:01 +0000)]
drm/amd/display: Add NULL plane_state check for cursor disable logic
From Nicholas Kazlauskas
cc9942840afaa3cbbb90dd41404d15125ae5d192 in linux-6.1.y/6.1.29
d29fb7baab09b6a1dc484c9c67933253883e770a in mainline linux
jsg [Tue, 13 Jun 2023 02:59:36 +0000 (02:59 +0000)]
drm/i915/dsi: Use unconditional msleep() instead of intel_dsi_msleep()
From Hans de Goede
aa0f98c5d1962b4dedec00067fc1b28a6d4f7d65 in linux-6.1.y/6.1.29
c8c2969bfcba5fcba3a5b078315c1b586d927d9f in mainline linux
jsg [Tue, 13 Jun 2023 02:56:18 +0000 (02:56 +0000)]
drm/i915/color: Fix typo for Plane CSC indexes
From Chaitanya Kumar Borah
5b6b81decdf08b5171c3872e45e9e3772a274032 in linux-6.1.y/6.1.29
2efc8e1001acfdc143cf2d25a08a4974c322e2a8 in mainline linux
jsg [Tue, 13 Jun 2023 02:54:09 +0000 (02:54 +0000)]
drm/amdgpu: add a missing lock for AMDGPU_SCHED
From Chia-I Wu
7887397338a55a2439ba8db6d9a93cbe4094d912 in linux-6.1.y/6.1.29
2397e3d8d2e120355201a8310b61929f5a8bd2c0 in mainline linux
jsg [Tue, 13 Jun 2023 02:52:19 +0000 (02:52 +0000)]
drm/i915/mtl: Add the missing CPU transcoder mask in intel_device_info
From Radhakrishna Sripada
4b08cdd239e7d15f11d2be07e59c3af478f61b11 in linux-6.1.y/6.1.29
6ece90e3665a9b7fb2637fcca26cebd42991580b in mainline linux
jsg [Tue, 13 Jun 2023 02:50:05 +0000 (02:50 +0000)]
drm/amd/display: Update bounding box values for DCN321
From Aurabindo Pillai
80a791a19902edc7c0fc7f8d2f3d411531e6a4ca in linux-6.1.y/6.1.29
989cd3e76a4aab76fe7dd50090ac3fa501c537f6 in mainline linux
jsg [Tue, 13 Jun 2023 02:48:26 +0000 (02:48 +0000)]
drm/amd/display: Do not clear GPINT register when releasing DMUB from reset
From Aurabindo Pillai
7bba2e5e096e005f9ea5dba85a224caf9e80909f in linux-6.1.y/6.1.29
99d92eaca5d915763b240aae24669f5bf3227ecf in mainline linux
jsg [Tue, 13 Jun 2023 02:46:50 +0000 (02:46 +0000)]
drm/amd/display: Reset OUTBOX0 r/w pointer on DMUB reset
From Cruise Hung
ccb0ad946adc43d9b146323228a365aa7400fd42 in linux-6.1.y/6.1.29
425afa0ac99a05b39e6cd00704fa0e3e925cee2b in mainline linux
jsg [Tue, 13 Jun 2023 02:45:05 +0000 (02:45 +0000)]
drm/amd/display: Fixes for dcn32_clk_mgr implementation
From Aurabindo Pillai
bb13726625e7d6220744fac823baec4ce9e7f563 in linux-6.1.y/6.1.29
d1c5c3e252b8a911a524e6ee33b82aca81397745 in mainline linux
jcs [Tue, 13 Jun 2023 02:44:08 +0000 (02:44 +0000)]
regen
jcs [Tue, 13 Jun 2023 02:43:39 +0000 (02:43 +0000)]
add SanDisk PC SN740
jsg [Tue, 13 Jun 2023 02:42:49 +0000 (02:42 +0000)]
drm/amd/display: Return error code on DSC atomic check failure
From Hersen Wu
b7ae53dd0d290b27fd4e0bdeff5849ecb3d588a3 in linux-6.1.y/6.1.29
dd24662d9dfbad281bbf030f06d68c7938fa0c66 in mainline linux
jsg [Tue, 13 Jun 2023 02:40:37 +0000 (02:40 +0000)]
drm/amd/display: Add missing WA and MCLK validation
From Rodrigo Siqueira
374f7fa01ae56bc000dc1d54e80a8f4e7f606028 in linux-6.1.y/6.1.29
822b84ecfc646da0f87fd947fa00dc3be5e45ecc in mainline linux
jsg [Tue, 13 Jun 2023 02:38:27 +0000 (02:38 +0000)]
drm/amd/display: Remove FPU guards from the DML folder
From Rodrigo Siqueira
0b47019f544fbf1667798085b71374fe4d09e611 in linux-6.1.y/6.1.29
bbfbf09d193ac831c40db50ef4b31d11548a9eef in mainline linux
jsg [Tue, 13 Jun 2023 02:36:09 +0000 (02:36 +0000)]
drm/amd/display: Ext displays with dock can't recognized after resume
From Ryan Lin
28d0f85aff342921d75597bc4997f9d6e83be2ef in linux-6.1.y/6.1.29
1e5d4d8eb8c0f15d90c50e7abd686c980e54e42e in mainline linux
mvs [Mon, 12 Jun 2023 21:19:54 +0000 (21:19 +0000)]
Move nd6_ifdetach() out of netlock. In this point, the interface is
disconnected from everywhere. No need to hold netlock for dummy
'nd_ifinfo' release. Netlock is also not needed for
TAILQ_EMPTY(&ifp->if_*hooks) assertions.
ok kn bluhm
millert [Mon, 12 Jun 2023 20:19:45 +0000 (20:19 +0000)]
Simple seq(1) regress. More tests are needed.
millert [Mon, 12 Jun 2023 20:15:06 +0000 (20:15 +0000)]
seq: fix check for rounding error/truncation
We need to compare the printable version of the last value displayed,
not the floating point representation. Otherwise, we may print the
last value twice. OK deraadt@
job [Mon, 12 Jun 2023 18:22:02 +0000 (18:22 +0000)]
Downgrade CMS signing-time being after notAfter to a warning
Feedback from Ties, Ben
OK tb@
jsing [Mon, 12 Jun 2023 18:17:18 +0000 (18:17 +0000)]
Remove prototypes for various ec_GF2m_* functions that no longer exist.
jsing [Mon, 12 Jun 2023 16:42:11 +0000 (16:42 +0000)]
Optimise quad word primitives on aarch64.
This provides a performance gain across most BN operations.
jsing [Mon, 12 Jun 2023 16:17:24 +0000 (16:17 +0000)]
Provide and use various quad word primitives.
This includes bn_qwaddqw(), bn_qwsubqw(), bn_qwmulw_addw() and
bn_qwmulw_addqw_addw(). These can typically be optimised on architectures
that have a reasonable number of general purpose registers.
ok tb@
claudio [Mon, 12 Jun 2023 15:27:52 +0000 (15:27 +0000)]
Reduce issues with types by switching iosz and totalsz from off_t to size_t.
In rpki-client the maximum file size is limited to 2GB so even on 32bit
archs size_t is large enough.
This solves some of the signed vs unsigned issues between bufsz/bufpos
and iosz.
OK tb@
claudio [Mon, 12 Jun 2023 14:56:38 +0000 (14:56 +0000)]
Add content-encoding compression support (just gzip and deflate).
This will allow servers to send compressed XML which saves around 50%.
The uncompressed output is limited to MAX_CONTENTLEN bytes so the
impact of decompression bombs is limited.
With and OK job@ tb@
claudio [Mon, 12 Jun 2023 12:48:07 +0000 (12:48 +0000)]
Use attr_writebuf() instead of hand rolling a more complicated version
for IMSG_CTL_SHOW_RIB_ATTR. Also drop the attr_optlen() usage in
imsg_create() since it is not stricly needed. With this attr_optlen
follows the path of the dodo.
OK tb@
claudio [Mon, 12 Jun 2023 12:10:17 +0000 (12:10 +0000)]
Use data != NULL to be more explicit. No functional change.
OK tb@
jsg [Mon, 12 Jun 2023 11:30:55 +0000 (11:30 +0000)]
add Mercusys MW150US V2
tested by Daeil Lee
jsg [Mon, 12 Jun 2023 11:27:30 +0000 (11:27 +0000)]
match Mercusys MW150US V2
from Daeil Lee
jsg [Mon, 12 Jun 2023 11:26:54 +0000 (11:26 +0000)]
regen
jsg [Mon, 12 Jun 2023 11:26:24 +0000 (11:26 +0000)]
add Mercusys MW150US V2
from Daeil Lee
claudio [Mon, 12 Jun 2023 09:02:31 +0000 (09:02 +0000)]
Use stdio open_memstream(3) to build up log strings instead of trying to
abuse ibufs for that. Using stdio for this has the benefit of using any
stdio function to build up strings including fprintf().
With and OK tb@
jsg [Mon, 12 Jun 2023 01:13:13 +0000 (01:13 +0000)]
regen
jsg [Mon, 12 Jun 2023 01:12:33 +0000 (01:12 +0000)]
add more Navi 31 device ids
Radeon Pro W7800 and Radeon Pro W7900
from Radeon Software for Linux 23.10.1 (5.5.1) libdrm-amdgpu-common
kettenis [Sun, 11 Jun 2023 21:42:01 +0000 (21:42 +0000)]
Disable PAC with the architected algorithm for now, but leave it enabled
when the hardware uses an implementation defined algorithm. There are
issues with PAC on the x13s (but not on the windows dev kit) which uses
the architected algorithm as it uses a core designed by ARM. This leaves
PAC enabled on Apple hardware.
ok deraadt@
tb [Sun, 11 Jun 2023 19:01:01 +0000 (19:01 +0000)]
Convert legacy server kex to one-shot sign/verify
This converts ssl3_{get,send}_server_key_exchange() to EVP_DigestVerify()
and EVP_DigestSign(). In order to do this, build the full signed_params
up front and rework the way the key exchange parameters are constructed.
This way we can do the verify and sign steps in one go and at the same
use a more idiomatic approach with CBB/CBS.
with/ok jsing
tb [Sun, 11 Jun 2023 18:50:51 +0000 (18:50 +0000)]
Easy EVP_Digest{Sign,Verify} conversions for legacy stack
Convert ssl3_send_client_verify_{sigalgs,gost}() to EVP_DigestSign() and
ssl3_get_cert_verify() to EVP_DigestVerify().
ok jsing
krw [Sun, 11 Jun 2023 14:00:04 +0000 (14:00 +0000)]
No need to check for DTYPE_FLOPPY. If there is neither a GPT nor
an MBR then install biosboot in sector 0.
Without the check for DTYPE_FLOPPY there is no need for
FSDISKTYPE=floppy3 and therefore flip the last two Makefiles to
the "echo '/ *' | disklabel -wAT-" idiom.
Feedback/fix from kn@
jsg [Sun, 11 Jun 2023 13:02:10 +0000 (13:02 +0000)]
remove unused args_st struct
ok tb@
jsg [Sun, 11 Jun 2023 12:35:00 +0000 (12:35 +0000)]
remove chopup_args() unused since apps.c rev 1.31
ok tb@
tb [Sun, 11 Jun 2023 12:06:08 +0000 (12:06 +0000)]
openssl enc: drop a few parens and unwrap a few lines
No binary change on amd64
tb [Sun, 11 Jun 2023 11:54:44 +0000 (11:54 +0000)]
openssl enc: small style fixup after ZLIB unifdef
op [Sun, 11 Jun 2023 10:30:10 +0000 (10:30 +0000)]
fix typo: 'hash buffer to small' -> too small
tb [Sun, 11 Jun 2023 05:45:20 +0000 (05:45 +0000)]
Unifdef ZLIB
This is very dead code: the openssl app was never compiled with -DZLIB
after January 1, 2015.
tb [Sun, 11 Jun 2023 05:35:43 +0000 (05:35 +0000)]
Unifdef ZLIB
This has long been unused code and compilation with -DZLIB was broken
for a long time after BIO was made opaque.
ok jsing
kettenis [Sat, 10 Jun 2023 19:30:48 +0000 (19:30 +0000)]
Implement support for pointer authentication (PAC) in userland. With PAC
it is possible to "sign" pointers with a hidden key. The signature is
placed in unused bits of the pointer and can be checked later. This can
be used to provide "tail CFI" that is similar to what retguard provides.
Debuggers need to be aware of the fact that pointers can be signed. For
this purpose a new PT_PACMASK ptrace(2) request is introduced that returns
as mask that indicates the bits used for the signature. Separate masks
are provided for code and data pointers even though the masks are identical
in the current implementation. These masks are also written into a special
note section in the core dump.
ok patrick@
patrick [Sat, 10 Jun 2023 18:31:38 +0000 (18:31 +0000)]
Add qcpas(4), a driver for the Peripheral Authentication Service found on
Qualcomm SoCs.
The immediate task for this driver is to provide firmware to the auxiliary
cores and to bring them up. This is accomplished by parsing the ELF files
and providing the data in certain memory regions, and telling qcscm(4) to
check and execute the firmware on the auxiliary cores.
With the cores up we can now talk to the firmware. The glink-edge subnode
indicates that we can talk to it using the GLINK protocol over shared memory
provided by qcsmem(4). This interface is essentially a channel multiplexer,
with each channel identified through an ASCII string.
One of those channels connects to a PMIC router, which allows us to talk to
the battery manager service that contains information about the charging and
battery states.
ok drahn@ kettenis@
tb [Sat, 10 Jun 2023 15:34:36 +0000 (15:34 +0000)]
Convert EVP_Digest{Sign,Verify}* to one-shot for TLSv1.3
Using one-shot EVP_DigestSign() and EVP_DigestVerify() is slightly shorter
and is needed for
Ed25519 support.
ok jsing
deraadt [Sat, 10 Jun 2023 15:16:43 +0000 (15:16 +0000)]
sync
op [Sat, 10 Jun 2023 07:24:21 +0000 (07:24 +0000)]
ksh: remove broken special handling of test -t
Drop the vestiges of the pre-POSIX support of `test -t' defaulting to fd
1. It doesn't work and it always succeed since "-t" is treated as a
string by default when no argument (fd) is specified.
diff by Lucas (lucas [at] sexy [dot] is) with minor change by me.
ok millert@
op [Sat, 10 Jun 2023 07:19:39 +0000 (07:19 +0000)]
test: fix description of -t: it has no default
-t always requires the fd number as argument, there's no default. With
only one argument -t is equivalent to `test -n -t' and so banally always
true.
diff from Lucas (lucas [at] sexy [dot] is)
ok millert@
tb [Sat, 10 Jun 2023 05:00:58 +0000 (05:00 +0000)]
File new test-bleichenbacher-timing-pregenerate.py under failing tests
until someone finds time and motivation to figure out how to use this.
deraadt [Fri, 9 Jun 2023 15:31:44 +0000 (15:31 +0000)]
we always create keys 2 releases into the future
kn [Fri, 9 Jun 2023 12:22:01 +0000 (12:22 +0000)]
Readd "-wgpsk", accidentially dropped in r1.465 adding "wgdescr"
Noticed by Bradley Latus
Diff from Jane Johansson
OK tb
beck [Thu, 8 Jun 2023 22:02:40 +0000 (22:02 +0000)]
Remove dead code.
must_be_ca can no longer be 0 after the proxy cert code got nuked,
so change this to an if. must_be_ca is now -1 for a leaf, or 1 for
a non leaf.
ok tb@
nicm [Thu, 8 Jun 2023 11:17:28 +0000 (11:17 +0000)]
Fix mismatch between function prototype and definition, from Anindya
Mukherjee.
schwarze [Thu, 8 Jun 2023 09:40:17 +0000 (09:40 +0000)]
From the description of "openssl verify", delete the duplicate and
outdated list of error messages. Instead, refer to the master copy
of that list in X509_STORE_CTX_get_error(3).
Suggested by and OK tb@, and beck@ also agrees with the idea.
espie [Thu, 8 Jun 2023 08:57:02 +0000 (08:57 +0000)]
add tests related to --libs-only-l and the likes
remove extraneous spaces from reference output now that we're closer
to the original pkg-config
espie [Thu, 8 Jun 2023 08:55:27 +0000 (08:55 +0000)]
move to perl use v5.36
also fix a discrepancy wrt the "original" pkg-config
thanks to tb@ for testing.
bluhm [Wed, 7 Jun 2023 18:42:40 +0000 (18:42 +0000)]
Rename ifconfig tcprecvoffload to tcplro. It is shorter and
more consistent.
discussed with jan@ mvs@ chris@ claudio@ dlg@
job [Wed, 7 Jun 2023 16:23:02 +0000 (16:23 +0000)]
Document CMS signing-time <> mod-time trick
espie [Wed, 7 Jun 2023 15:09:01 +0000 (15:09 +0000)]
do not pass @_ to code snippets, prepare for 5.36
found out by aja@
aoyama [Wed, 7 Jun 2023 12:56:22 +0000 (12:56 +0000)]
Add portable version and m88k-specific version lb() function, because
unfortunately gcc3 does not have __builtin_clz().
ok miod@ otto@
tb [Wed, 7 Jun 2023 11:09:08 +0000 (11:09 +0000)]
Cosmetic tweak for previous
Once we expect ASPA version 1 and someone sends us version 0, make that
explicit instead of complaining about ASN1_INTEGER_get_uint64() failing.
ok job
schwarze [Wed, 7 Jun 2023 10:53:30 +0000 (10:53 +0000)]
Refer to the field "thisUpdate" instead of the non-existent "lastUpdate".
Similar to X509_get0_notBefore(3) rev. 1.6.
Requested by and OK tb@.
job [Wed, 7 Jun 2023 10:46:34 +0000 (10:46 +0000)]
In anticipation of a bump of the ASPA eContent profile version, update
valid_econtent_version() to allow for non-zero versions.
OK tb@
deraadt [Wed, 7 Jun 2023 04:46:09 +0000 (04:46 +0000)]
upon resume, fpureset() was being called prematurely (before cpu_init,
which does not matter today, but will matter a lot in near future).
But actually it isn't needed at all, cpu_init() does it again.
So remove the call.
ok guenther
schwarze [Tue, 6 Jun 2023 16:20:13 +0000 (16:20 +0000)]
In 1995, Eric A. Young chose a confusing name for the "lastUpdate" field
of the X509_CRL_INFO object. It should have been called "thisUpdate"
like in RFC 5280 section 5.1 (and in its precursor RFC 2459). Then again,
RFC 2459 was only published in 1999, so maybe the terminology wasn't
firmly established yet when Young wrote his code several years earlier -
just guessing, neither we nor the OpenSSL folks appear to know the real
reasons...
Anyway, we have been stuck with the "lastUpdate" names in the API for
more than two decades now, so clarify in the documentation what they
refer to and what they really mean.
Requested by and OK tb@.
tb [Tue, 6 Jun 2023 16:10:56 +0000 (16:10 +0000)]
Fix typo in comment: exta -> extra
claudio [Tue, 6 Jun 2023 16:09:35 +0000 (16:09 +0000)]
Use same pattern to work with offset by using a uint8_t pointer that
is loaded with ibuf_data(). This is by no means better but allows to
switch ibuf_data() to return void *.
OK tb@
beck [Tue, 6 Jun 2023 15:16:52 +0000 (15:16 +0000)]
Make the tlsv1.0 and tlsv1.1 options in relayd do nothing
Also document that fact, and that the existing ssl3 option
does nothing. This changes relayd to no longer request tls1.0
or tls1.1 in preparation for the upcoming deprecation of these
out of data protocols
ok jsing@ bluhm@ tb@ claudio@ benno@
claudio [Tue, 6 Jun 2023 13:27:49 +0000 (13:27 +0000)]
Use ibuf_seek() instead of ibuf_data() + offset constructs. Effect is
the same in these cases.
OK tb@
kn [Tue, 6 Jun 2023 09:35:44 +0000 (09:35 +0000)]
Fold disk crypto question '?' text into prompt
Since this question moved after the root disk one and '?' stopped listing disks,
hoist the implementation details in order to drop the custom answer and reuse
existing ask_yn(), thus
Encrypt the root disk? (yes, no or '?' for details) [no] ?
Create a passphrase protected CRYPTO softraid volume to be used as root disk.
Encrypt the root disk? (yes, no or '?' for details) [no]
becomes
Encrypt the root disk? (passphrase CRYPTO softraid) [no]
Prodded by afresh1
dlg [Tue, 6 Jun 2023 01:40:04 +0000 (01:40 +0000)]
don't need mcx_uptime() now that we have nsecuptime()
ok jmatthew@
job [Mon, 5 Jun 2023 18:32:06 +0000 (18:32 +0000)]
Fix copy+paste error in x509 asn regress
job [Mon, 5 Jun 2023 17:17:23 +0000 (17:17 +0000)]
Improve the description of CMS_get0_signers()
Suggestion from Małgorzata Olszówka, they noted:
"The original wording suggests that it is required to execute
CMS_get0_signers() after CMS_verify(), while it is CMS_get0_signers()
that requires prior successful invocation of CMS_verify()."
OK tb@
claudio [Mon, 5 Jun 2023 16:24:05 +0000 (16:24 +0000)]
Sync json.c with rpki-client rev 1.3:
Add an extra argument compact to json_do_object() to instruct the parser
to dump this object on a single line.
While one can select on an object to object basis for arrays the compact
setting is inherited from the surrounding object.
OK tb@
claudio [Mon, 5 Jun 2023 14:19:13 +0000 (14:19 +0000)]
Add an extra argument compact to json_do_object() to instruct the parser
to dump this object on a single line.
While one can select on an object to object basis for arrays the compact
setting is inherited from the surrounding object.
Requested by job@, OK job@ tb@
millert [Mon, 5 Jun 2023 13:24:36 +0000 (13:24 +0000)]
Store timeouts as int, not u_int as they are limited to INT_MAX.
Fixes sign compare warnings systems with 32-bit time_t due to type
promotion. OK djm@
bluhm [Mon, 5 Jun 2023 11:35:46 +0000 (11:35 +0000)]
Do not calculate IP, TCP, UDP checksums on loopback interface.
Packets sent over loopback got their checksums calculated twice.
In the output path they were filled in and during TCP/IP input all
checksums were calculated again to be compared with the previous
result.
Avoid this by claiming that lo(4) supports hardware checksum
offloading. For each packet convert the flag that the checksum
should be calculated to the flag that it has been checked successfully.
Keep the flag that it should be calculated for the case that it may
be bridged or forwarded later.
A drawback is that "tcpdump -ni lo0 -v" reports invalid checksum.
But that is the same with physical interfaces and hardware offloading.
OK dlg@
sashan [Mon, 5 Jun 2023 08:45:20 +0000 (08:45 +0000)]
pfsync_update_state() is too paranoid about pf_state::pfsync_state.
For example it should not be surprised if caller asks to remove
state from pfsync queue which has been removed already. That kind
of race is sorted out later when pfsync_update_state() calls to
pfsync_q_ins()/pfsync_q_del(). Change relaxes pfsync_update_state()
to panic on sync_state value which is unknown.
OK dlg@
sashan [Mon, 5 Jun 2023 08:37:27 +0000 (08:37 +0000)]
pf_remove_state() should not attempt to remove state which
is already removed.
OK dlg@
op [Mon, 5 Jun 2023 08:07:18 +0000 (08:07 +0000)]
use getline(3) instead of fgetln(3)
while here simplify the "From " check too.
ok millert@
tb [Sun, 4 Jun 2023 17:28:35 +0000 (17:28 +0000)]
Reinstate bn_isqrt.c r1.8 and crypto_lock.c r1.3
This traded local copies of CTASSERT() to the one in crypto_internal.h.
This change was backed out due to SHA-512 breakage on STRICT_ALIGNMENT
architectures still using Fred Flintstone's gcc without asm sha512.
Original commit message:
Use crypto_internal.h's CTASSERT()
Now that this macro is available in a header, let's use that version
rather than copies in several .c files.
discussed with jsing
millert [Sun, 4 Jun 2023 17:27:27 +0000 (17:27 +0000)]
Correct the comment in get_range() describing the range syntax.
tb [Sun, 4 Jun 2023 11:33:45 +0000 (11:33 +0000)]
Make ruby-openssl cope with default ruby change
tb [Sun, 4 Jun 2023 07:14:47 +0000 (07:14 +0000)]
bn_mod_inverse tweaks
Provide prototype that is hidden behind LIBRESSL_INTERNAL for portable
and or in result for future extensibility.
otto [Sun, 4 Jun 2023 06:58:33 +0000 (06:58 +0000)]
More thorough write-afetr-free checks.
On free, chunks (the pieces of a pages used for smaller allocations)
are junked and then validated after they leave the delayed free
list. So after free, a chunk always contains junk bytes. This means
that if we start with the right contents for a new page of chunks,
we can *validate* instead of *write* junk bytes when (re)-using a
chunk.
With this, we can detect write-after-free when a chunk is recycled,
not justy when a chunk is in the delayed free list. We do a little
bit more work on initial allocation of a page of chunks and when
re-using (as we validate now even on junk level 1).
Also: some extra consistency checks for recallocaray(3) and fixes
in error messages to make them more consistent, with man page bits.
Plus regress additions.
krw [Sat, 3 Jun 2023 21:37:53 +0000 (21:37 +0000)]
Remove declarations of unused local variables, an unused function
(get_long) and add missing {} in devsw[1] initialization.
Most from 2011 NetBSD commit by tsutui.
No functional change.
Build tested and ok kn@
tb [Sat, 3 Jun 2023 21:20:29 +0000 (21:20 +0000)]
Add regress coverage for BN_mod_inverse()
This would detect the aliasing issue reported by Guido Vranken fixed
in bn_gcd.c r1.28. Most testcases are from BoringSSL's regress test.
op [Sat, 3 Jun 2023 15:19:38 +0000 (15:19 +0000)]
drop `uptodate()' check from hack(6)
hack(6) scrapes $PATH to find its executable and compare the mtime to
the save file and bone file. If the game is newer than those, they're
not loaded.
Drop this feature. /usr/games is not in the default $PATH anymore, and
the format for those file didn't change since the import.
Diff from Anton Konyahin (me [at] konyahin [dot] xyz)
cheloha [Fri, 2 Jun 2023 17:44:29 +0000 (17:44 +0000)]
pledge(2): stdio: permit restricted profil(2) for moncontrol(3)
Currently, pledged '-pg' binaries get killed in _mcleanup() when they
try to disable profil(2) via moncontrol(3).
Disabling profil(2) is harmless. Add profil(2) to the "stdio"
pledge(2) promise and permit profil(2) calls when the scale argument
is zero. Enabling profil(2) remains forbidden in pledged processes.
This gets us one step closer to making '-pg' binaries compatible with
pledge(2). The next step is to decide how to exfiltrate the profiling
data from the process during _mcleanup().
Prompted by semarie@. Cleaned up by deraadt@. With input from
deraadt@, espie@, and semarie@.
"Looks good" deraadt@
pledge(2) pieces ok semarie@
tb [Fri, 2 Jun 2023 17:15:30 +0000 (17:15 +0000)]
Fix variable reuse in BN_mod_inverse()
The somewhat strange calculation m = a^{-1} (mod m) can return 0. This
breaks because of BN_nnmod() having delicate semantics of which variable
can be reused. BN_nnmod(a, a, m, ctx) works and the library relies on that.
Here, the code ends up doing BN_nnmod(m, a, m, ctx) and this doesn't work.
If the result of the initial BN_mod() is negative, then BN_nnmod() will
return 0.
Problem reported by Guido Vranken in
https://github.com/openssl/openssl/issues/21110
This code is well covered by regress, but it does not currently have
explicit test coverage. Such will be added soon.
ok beck jsing
tb [Fri, 2 Jun 2023 08:35:10 +0000 (08:35 +0000)]
fix typo