openbsd
9 months agoMake the -P option work for Trust Anchor certificates as well
job [Thu, 11 Jan 2024 11:55:14 +0000 (11:55 +0000)]
Make the -P option work for Trust Anchor certificates as well

OK tb@

9 months agoTry to improve RTR version negotiation.
claudio [Thu, 11 Jan 2024 11:43:07 +0000 (11:43 +0000)]
Try to improve RTR version negotiation.

RFC8210 and especially draft-ietf-sidrops-8210bis are underspecified when
it comes to inital version negotiation. The authors seem to have a very
different view on how this works compared to the various RTR cache
implementations.

Reducing the version on any session close is a problem since it often leads
to downgraded sessions where not needed. Instead require the server to send
PDUs with their correct version (either a code 4 error, a cache response
or cache reset pdu).

Extensively tested against various modes of StayRTR.
Also tested against routinator which is currently not following the spec
(https://github.com/NLnetLabs/routinator/issues/919) and breaks on unknown
versions.

This is probably not the last change to make RTR version negotiation work
but it is a step in the right direction.

OK tb@

9 months agohandle MHI M1->M2 state transitions in qwx(4)
stsp [Thu, 11 Jan 2024 09:52:19 +0000 (09:52 +0000)]
handle MHI M1->M2 state transitions in qwx(4)

When the device signals transition to state M1, the MHI driver may
set the device into M2 state to save power. The MHI device will be
woken up again by the driver ringing the wake doorbell register
before doing PCI reads/writes, which qwx(4) already implements.

9 months agoadd XKH
deraadt [Thu, 11 Jan 2024 07:59:43 +0000 (07:59 +0000)]
add XKH

9 months agodon't disable RSA test when DSA is disabled; bug introduced in last commit
djm [Thu, 11 Jan 2024 04:50:28 +0000 (04:50 +0000)]
don't disable RSA test when DSA is disabled; bug introduced in last commit

9 months agoensure key_fd is filled when DSA is disabled; spotted by tb@
djm [Thu, 11 Jan 2024 01:51:16 +0000 (01:51 +0000)]
ensure key_fd is filled when DSA is disabled; spotted by tb@

9 months agomake DSA testing optional, defaulting to on
djm [Thu, 11 Jan 2024 01:45:58 +0000 (01:45 +0000)]
make DSA testing optional, defaulting to on

ok markus

9 months agomake DSA key support compile-time optional, defaulting to on
djm [Thu, 11 Jan 2024 01:45:36 +0000 (01:45 +0000)]
make DSA key support compile-time optional, defaulting to on

ok markus@

9 months agoX509_TRUST: tidy up includes
tb [Wed, 10 Jan 2024 21:34:53 +0000 (21:34 +0000)]
X509_TRUST: tidy up includes

9 months agoX509_TRUST: group together all trust_*() functions
tb [Wed, 10 Jan 2024 21:19:56 +0000 (21:19 +0000)]
X509_TRUST: group together all trust_*() functions

Now they are next to the trstandard[] table and listed in the order they
appear in the table.

9 months agoX509_TRUST: hoist trust_compat() to the other end of the file
tb [Wed, 10 Jan 2024 21:14:14 +0000 (21:14 +0000)]
X509_TRUST: hoist trust_compat() to the other end of the file

9 months agoX509_TRUST: start shuffling some code around
tb [Wed, 10 Jan 2024 21:11:37 +0000 (21:11 +0000)]
X509_TRUST: start shuffling some code around

Hoist obj_trust() to the top and move the static default_trust() next
to its setter.

9 months agoRework X509_STORE_CTX_set_{purpose,trust}()
tb [Wed, 10 Jan 2024 17:31:28 +0000 (17:31 +0000)]
Rework X509_STORE_CTX_set_{purpose,trust}()

Split the two codepaths in x509_vfy_purpose_inherit() into its two callers.
What remains is gross, but at least a reader has a chance of following all
this nonsense without leaving a significant amount of hair behind.

In short, purpose and trust are only overridden if they're not already
set.  Otherwise silently ignore valid purpose and trust identifiers that
were passed in and succeed. Error on almost all invalid trust or purpose
ids, except 0, because... well... who knows, really?

ok jsing

9 months agoSplit UDP PCB table into IPv4 and IPv6.
bluhm [Wed, 10 Jan 2024 16:44:30 +0000 (16:44 +0000)]
Split UDP PCB table into IPv4 and IPv6.

Having two hash tables instead of a common one, reduces table size
and contention on the per table lock.  The address family is always
known in advance.  The lookups and loops are more specific.

OK sashan@

9 months agoImprove rtr_send_error() so that there is no need to log_warnx() before.
claudio [Wed, 10 Jan 2024 16:08:36 +0000 (16:08 +0000)]
Improve rtr_send_error() so that there is no need to log_warnx() before.

Now rtr_send_error() supports a format string for the error message so
use this fact to make the error report better.

OK tb@

9 months agoAdd missing newlines in printf.
claudio [Wed, 10 Jan 2024 14:59:41 +0000 (14:59 +0000)]
Add missing newlines in printf.

9 months agoInline rsa_is_pss() and rsa_pkey_is_pss()
tb [Wed, 10 Jan 2024 14:59:19 +0000 (14:59 +0000)]
Inline rsa_is_pss() and rsa_pkey_is_pss()

It's more explicit and not that much longer.

ok jsing

9 months agoDrop an unnecessary cast
tb [Wed, 10 Jan 2024 14:23:37 +0000 (14:23 +0000)]
Drop an unnecessary cast

from jsing

9 months agoFix print_fp()
tb [Wed, 10 Jan 2024 14:22:53 +0000 (14:22 +0000)]
Fix print_fp()

The callback-based printing needs to die. But first BIO_set() will die.
We have a FILE *. We have fprintf(). No need to use a static BIO to dump
error codes to said stream.

This basically undoes an unrelated change of "Move crpytlib.h prior bio.h"
from 19 years ago (OpenSSL 25a66ee3). Except we don't cast and check len.

ok jsing (who had a nearly identical diff)

9 months agoImplement log_roa() and log_aspa() and use these functions in printconf.c
claudio [Wed, 10 Jan 2024 13:31:09 +0000 (13:31 +0000)]
Implement log_roa() and log_aspa() and use these functions in printconf.c
OK tb@

9 months agoUpdate the control.c code to use the new imsg API.
claudio [Wed, 10 Jan 2024 11:08:04 +0000 (11:08 +0000)]
Update the control.c code to use the new imsg API.

OK tb@

9 months agofix incorrect capitalisation;
jmc [Wed, 10 Jan 2024 06:33:13 +0000 (06:33 +0000)]
fix incorrect capitalisation;

9 months agoIf bringing up a queue fails, only tear down the ones that we set up
jmatthew [Wed, 10 Jan 2024 05:06:00 +0000 (05:06 +0000)]
If bringing up a queue fails, only tear down the ones that we set up
successfully, rather than trying to tear them all down and crashing.

tested by hrvoje, who can make queue setup fail sometimes
ok bluhm@

9 months agopthread_cond_timedwait(3): accept negative absolute timeouts
cheloha [Wed, 10 Jan 2024 04:28:43 +0000 (04:28 +0000)]
pthread_cond_timedwait(3): accept negative absolute timeouts

Negative absolute timeouts are valid inputs.

With input from kettenis@.

Thread: https://marc.info/?l=openbsd-tech&m=170467558006767&w=2

ok guenther@

9 months agovmm/vmd: add io instruction length to exit information.
dv [Wed, 10 Jan 2024 04:13:59 +0000 (04:13 +0000)]
vmm/vmd: add io instruction length to exit information.

Add the instruction length to the vm exit information to allower
vmd(8) to manipulate the instruction pointer after io emulation.
This is preparation for emulating string-based io instructions.

Removes the instruction pointer update from the kernel (vmm(4)) as
well as the instruction length checks, which were overly restrictive
anyways based on the way prefixes work in x86 instructions.

ok mlarkin@

9 months agoextend ChannelTimeout regression test to exercise multiplexed connections
djm [Tue, 9 Jan 2024 22:19:36 +0000 (22:19 +0000)]
extend ChannelTimeout regression test to exercise multiplexed connections
and the new "global" timeout type. ok dtucker@

9 months agoadd a "global" ChannelTimeout type to ssh(1) and sshd(8) that watches
djm [Tue, 9 Jan 2024 22:19:00 +0000 (22:19 +0000)]
add a "global" ChannelTimeout type to ssh(1) and sshd(8) that watches
all open channels and will close all open channels if there is no
traffic on any of them for the specified interval. This is in addition
to the existing per-channel timeouts added a few releases ago.

This supports use-cases like having a session + x11 forwarding channel
open where one may be idle for an extended period but the other is
actively used. The global timeout would allow closing both channels when
both have been idle for too long.

ok dtucker@

9 months agoadapt ssh_api.c code for kex-strict
djm [Tue, 9 Jan 2024 21:39:14 +0000 (21:39 +0000)]
adapt ssh_api.c code for kex-strict

from markus@ ok me

9 months agoConvert some struct inpcb parameter to const pointer.
bluhm [Tue, 9 Jan 2024 19:57:00 +0000 (19:57 +0000)]
Convert some struct inpcb parameter to const pointer.

OK millert@

9 months agoThe End of Data PDU changed between v0 (RFC6810) and v1 (RFC8210).
claudio [Tue, 9 Jan 2024 15:13:49 +0000 (15:13 +0000)]
The End of Data PDU changed between v0 (RFC6810) and v1 (RFC8210).

Add struct rtr_endofdata_v0 and rtr_parse_end_of_data_v0() to handle this
oddity. With this bgpd supports RFC6810 and RFC8210 and some form of
draft-ietf-sidrops-8210bis

OK tb@

9 months agortr_parse_notify() state check is special since we ignore the PDU when
claudio [Tue, 9 Jan 2024 14:43:41 +0000 (14:43 +0000)]
rtr_parse_notify() state check is special since we ignore the PDU when
it arrives in a strange moment. The RFC is as helpful about this as one
could expect. Still I botched the state check and later added an
rtr_send_error() call which made the previous worse.
OK tb@

9 months agoBe more consistent with RTR parse error reporting.
claudio [Tue, 9 Jan 2024 14:15:15 +0000 (14:15 +0000)]
Be more consistent with RTR parse error reporting.

Stop calling rtr_send_error() after a parse error in rtr_process_msg();
instead move the calls into the parse functions.
Use consistend and useful error text to most rtr_send_error() calls.
In parse header also check the minimal version for router key and ASPA pdus
before checking their length.

OK tb@

9 months agoConvert the parent process imsg handling over to the new imsg API.
claudio [Tue, 9 Jan 2024 13:41:32 +0000 (13:41 +0000)]
Convert the parent process imsg handling over to the new imsg API.

This simplifies the code a fair bit and removes direct unchecked memory
access to imsg.data.
OK tb@

9 months agoFix copy-paste error that broke openssl-ruby and openssl regress
tb [Tue, 9 Jan 2024 07:25:57 +0000 (07:25 +0000)]
Fix copy-paste error that broke openssl-ruby and openssl regress

Noticed by anton

9 months agoremove unused of_device_get_match_data() prototype
jsg [Tue, 9 Jan 2024 07:10:00 +0000 (07:10 +0000)]
remove unused of_device_get_match_data() prototype

9 months agoinline -> static inline ; fixes sparc64 build
jsg [Tue, 9 Jan 2024 05:49:44 +0000 (05:49 +0000)]
inline -> static inline ; fixes sparc64 build

9 months agoremove needless comment
jmatthew [Tue, 9 Jan 2024 04:32:29 +0000 (04:32 +0000)]
remove needless comment

9 months agoIf there are still mbufs on a ring when we're freeing it,
jmatthew [Tue, 9 Jan 2024 04:29:46 +0000 (04:29 +0000)]
If there are still mbufs on a ring when we're freeing it,
it'd be a good idea to free them too.

ok dlg@

9 months agoavoid unused var warning on sparc64
jsg [Tue, 9 Jan 2024 03:53:09 +0000 (03:53 +0000)]
avoid unused var warning on sparc64

9 months agoDelete support for FFS filesystems before the in-inode symlink
guenther [Tue, 9 Jan 2024 03:15:59 +0000 (03:15 +0000)]
Delete support for FFS filesystems before the in-inode symlink
optimization.  As observed by ali_farzanrad(at)riseup.net, support
for these was broken in the 5.5 release in early 2014 by the time_t
changes.  No one noticed before now, so clearly this isn't something
we need to continue to support; rejecting in ffs_validate() is an
improvement.

Also: simplify DIRSIZ(), drop OLDDIRFMT and NEWDIRFMT, tests of
fs_maxsymlinklen against zero, #ifdef tests of FS_44INODEFMT, and
remove support for newfs -O0, last used in 2016.

ok miod@

9 months agoImplement RootPathString support in the LoadTable() AML function. Fixes
kettenis [Mon, 8 Jan 2024 19:52:29 +0000 (19:52 +0000)]
Implement RootPathString support in the LoadTable() AML function.  Fixes
booting OpenBSD on some (ancient?) Hyper-V version.

Tested by Henryk Paluch
ok mlarkin@

9 months agoOnly use DIR_VALID in noop mode
tb [Mon, 8 Jan 2024 19:46:19 +0000 (19:46 +0000)]
Only use DIR_VALID in noop mode

Looking in DIR_TEMP will not find a file, resulting in lots of ugly
printf (null). This is another bandaid until I figure out how to fix
my fix for this function...

with/ok job

9 months agoRework rtr_parse_header() and introduce rtr_check_session_id() to make
claudio [Mon, 8 Jan 2024 16:39:17 +0000 (16:39 +0000)]
Rework rtr_parse_header() and introduce rtr_check_session_id() to make
the initial header parsing simpler.
This also allows to simplify the version negotiation dance a bit. More
is needed there.
OK tb@

9 months agoSimplify the IMSG_CTL_KROUTE after the change in bgpd.
claudio [Mon, 8 Jan 2024 15:09:14 +0000 (15:09 +0000)]
Simplify the IMSG_CTL_KROUTE after the change in bgpd.
OK tb@

9 months agoDefine and use struct ctl_kroute_req to encode the arguments of
claudio [Mon, 8 Jan 2024 15:08:34 +0000 (15:08 +0000)]
Define and use struct ctl_kroute_req to encode the arguments of
IMSG_CTL_KROUTE instead of doing it by hand.
OK tb@

9 months agoDisable X509_STORE_CTX_purpose_inherit()
tb [Mon, 8 Jan 2024 10:06:50 +0000 (10:06 +0000)]
Disable X509_STORE_CTX_purpose_inherit()

Nothing uses this function, except two internal callers. So split its guts
temporarily into a helper function and disable the gross general case.
The internal helper can be simplified by observing that def_purpose == 0:

Overriding 0 by 0 doesn't do anything, so drop that bit. Rename ptmp into
purp, and inline X509_PURPOSE_get_by_id(), i.e., make appropriate checks and
subtract X509_PURPOSE_MIN. The fallback to X509_PURPOSE_get_by_id(0) will
always fail since X509_PURPOSE_MIN == 1. So ditch that call. In particular,
X509_STORE_CTX_set_purpose(ctx, X509_PURPOSE_ANY) fails in current because
of this. That's nonsense. So remove the purp->trust == X509_TRUST_DEFAULT
check as only change of behavior. This matches what OpenSSL do nowadays.
They now set def_purpose = purpose if purpose != 0 and def_purpose == 0,
so in all real-world uses of this function they will just fetch the same
purpose again and do not check for default trust the second time around.
Finally, X509_TRUST_get_by_id() is only used to ensure that a non-zero (or
overridden) trust is between X509_TRUST_MIN and X509_TRUST_MAX. So expand
that into its explicit form.

ok jsing

9 months agoInline X509_{TRUST,PUPROSE}_set() in their only callers
tb [Mon, 8 Jan 2024 09:51:09 +0000 (09:51 +0000)]
Inline X509_{TRUST,PUPROSE}_set() in their only callers

They are now unused and will join the exodus to the attic in the next bump.

ok jsing

9 months agoconst correct aesni_{128,256}_cbc_hmac_sha1_cipher
tb [Mon, 8 Jan 2024 09:31:09 +0000 (09:31 +0000)]
const correct aesni_{128,256}_cbc_hmac_sha1_cipher

9 months agoFix regress build since the reacharounds are fragile
tb [Mon, 8 Jan 2024 08:26:38 +0000 (08:26 +0000)]
Fix regress build since the reacharounds are fragile

noted by anton

9 months agoRemove outdated note from PROTOCOL.mux
djm [Mon, 8 Jan 2024 05:11:18 +0000 (05:11 +0000)]
Remove outdated note from PROTOCOL.mux

Port forward close by control master is already implemented
by `mux_master_process_close_fwd` in `mux.c`

GHPR442 from bigb4ng

9 months agofix missing field in users-groups-by-id@openssh.com reply documentation
djm [Mon, 8 Jan 2024 05:05:15 +0000 (05:05 +0000)]
fix missing field in users-groups-by-id@openssh.com reply documentation

GHPR441 from TJ Saunders

9 months agoPass the request packet to response decorations for future use.
yasuoka [Mon, 8 Jan 2024 04:16:48 +0000 (04:16 +0000)]
Pass the request packet to response decorations for future use.
This is required for many cases and will be used future.

9 months agomake kex-strict section more explicit about its intent: banning all
djm [Mon, 8 Jan 2024 04:10:03 +0000 (04:10 +0000)]
make kex-strict section more explicit about its intent: banning all
messages not strictly required in KEX

9 months agoFix logic error (&& -> ||)
tb [Mon, 8 Jan 2024 03:32:01 +0000 (03:32 +0000)]
Fix logic error (&& -> ||)

CID 477172

9 months agoremove ext-info-* in the kex.c code, not in callers; with/ok markus@
djm [Mon, 8 Jan 2024 00:34:33 +0000 (00:34 +0000)]
remove ext-info-* in the kex.c code, not in callers; with/ok markus@

9 months agofix typo; spotted by Albert Chin
djm [Mon, 8 Jan 2024 00:30:39 +0000 (00:30 +0000)]
fix typo; spotted by Albert Chin

9 months agoIn ixl(4) attach, initialize mutex before using it.
bluhm [Sun, 7 Jan 2024 21:01:45 +0000 (21:01 +0000)]
In ixl(4) attach, initialize mutex before using it.

Function ixl_get_link_status() calls ixl_set_link_status() which
locks sc_link_state_mtx.  Move initilization of mutex before calling
ixl_get_link_status().  This makes witness happy.

Bug reported and fix tested by Hrvoje Popovski; OK miod@

9 months agoError out if one syscall ever takes more than 6 arguments.
miod [Sun, 7 Jan 2024 20:52:44 +0000 (20:52 +0000)]
Error out if one syscall ever takes more than 6 arguments.

This is not necessarily wrong per se, but would need special consideration,
as not all platforms are currently able to process more than six syscall
arguments (and upcoming diffs will rely upon reasonably-sized argument
lists), so better break now and reconsider later if need be.

ok deraadt@

9 months agoGarbage collect call to X509_TRUST_cleanup()
tb [Sun, 7 Jan 2024 19:59:32 +0000 (19:59 +0000)]
Garbage collect call to X509_TRUST_cleanup()

Since x509_trs.c r1.33, this is a noop.

9 months agolibc, librthread: _twait: subtraction is not comparison
cheloha [Sun, 7 Jan 2024 19:44:28 +0000 (19:44 +0000)]
libc, librthread: _twait: subtraction is not comparison

Compare the current time with the absolute timeout before computing
the relative timeout to avoid arithmetic overflow.  Fixes a bug where
large negative absolute timeouts are subtracted into large positive
relative timeouts and incorrectly cause the caller to block.

While here, use timespeccmp(3) and timespecsub(3) to simplify the
code.

Thread: https://marc.info/?l=openbsd-tech&m=169945962503129&w=2

9 months agoMinor cleanup in X509_STORE_CTX_purpose_inherit()
tb [Sun, 7 Jan 2024 18:15:42 +0000 (18:15 +0000)]
Minor cleanup in X509_STORE_CTX_purpose_inherit()

Make a few checks against 0 explicit to reduce noise in an upcoming diff
and tiny KNF tweaks.

9 months agopurpose/trust: Improve comments about COUNT/MAX confusion
tb [Sun, 7 Jan 2024 16:22:46 +0000 (16:22 +0000)]
purpose/trust: Improve comments about COUNT/MAX confusion

9 months agoconst-correct r4_hmac_md5_cipher
tb [Sun, 7 Jan 2024 16:18:18 +0000 (16:18 +0000)]
const-correct r4_hmac_md5_cipher

9 months agoConvert the remaining legacy ciphers to C99 initializers
tb [Sun, 7 Jan 2024 15:42:57 +0000 (15:42 +0000)]
Convert the remaining legacy ciphers to C99 initializers

No change in the generated aarch64 assembly apart from line number changes.

ok jsing

9 months agoImprove EVP_CIPHER_{get,set}_asn1_iv()
tb [Sun, 7 Jan 2024 15:21:04 +0000 (15:21 +0000)]
Improve EVP_CIPHER_{get,set}_asn1_iv()

Use iv_len for the variables storing the IV length, formerly l and j.
Remove use of the unnecessary variable i and unindent the whole mess.
Some return values are fishy. That will be addressed in subsequent
commits.

ok jsing

9 months agoRemove X509_TRUST extensibility
tb [Sun, 7 Jan 2024 14:50:45 +0000 (14:50 +0000)]
Remove X509_TRUST extensibility

This is pretty much identical to the X509_PURPOSE case: remove the stack
used for extending and overriding the trust table and make X509_TRUST_add()
always fail. Simplify some other bits accordingly.

ok jsing

9 months agorpki-client: zap a stray space
tb [Sun, 7 Jan 2024 09:48:29 +0000 (09:48 +0000)]
rpki-client: zap a stray space

9 months agorpki-client: print revocation time in filemode
tb [Sun, 7 Jan 2024 09:48:03 +0000 (09:48 +0000)]
rpki-client: print revocation time in filemode

If a certificate was revoked, extract the revocation timestamp and
update the warning message in filemode to include it.

ok job

10 months agoZap some more CRL method things
tb [Sat, 6 Jan 2024 20:47:01 +0000 (20:47 +0000)]
Zap some more CRL method things

10 months agoPrevent use after free of TLS context at syslogd(8) shutdown.
bluhm [Sat, 6 Jan 2024 19:34:54 +0000 (19:34 +0000)]
Prevent use after free of TLS context at syslogd(8) shutdown.

When splitting the event fields f_ev and f_bufev, disabling some
events was missed.  Callbacks could happen after tls_free().  Call
bufferevent_disable() before f_bufev and struct filed are cleaned.
In some error cases f_bufev might be NULL, add a check before
cleanup.

OK tb@

10 months agoZap more obsolete debug code.
mglocker [Sat, 6 Jan 2024 17:47:43 +0000 (17:47 +0000)]
Zap more obsolete debug code.

10 months agoRemove X509_PURPOSE_cleanup() call in OPENSSL_cleanup()
tb [Sat, 6 Jan 2024 17:43:39 +0000 (17:43 +0000)]
Remove X509_PURPOSE_cleanup() call in OPENSSL_cleanup()

Since x509_purp.c r1.34 this is a noop since there is nothing to clean up
anymore. Remove the last caller.

10 months agoRemove X509_CRL_METHOD internals
tb [Sat, 6 Jan 2024 17:37:23 +0000 (17:37 +0000)]
Remove X509_CRL_METHOD internals

Another complication of dubious value that nobody's ever used. crl_init(),
crl_free() and the meth_data are dead weight, as are their accessors.

Inline def_crl_verify() in X509_CRL_verify() so that the latter becomes
the trivial wrapper of ASN1_item_verify() that one would expect it to be.
It is quite unclear what kind of customization would make sense here...

def_crl_lookup() is renamed into crl_lookup() and its two callers,
X509_CRL_lookup_by_{serial,cert}(), are moved below it so that we
don't need a prototype.

ok jsing

10 months agoRemove X509_PURPOSE extensibility
tb [Sat, 6 Jan 2024 17:17:08 +0000 (17:17 +0000)]
Remove X509_PURPOSE extensibility

Another bit of global state without lock protection. The by now familiar
complications of a stack to make this user configurable, which, of course,
no one ever did. The table is not currently const, and the API exposes its
entries directly, so anyone can modify it. This fits very well with the
safety guarantees of Rust's 'static lifetime, which is how rust-openssl
exposes it (for no good reason).

Remove the stack and make the X509_PURPOSE_add() API always fail.
Simplify the other bits accordingly.

In addition, this API inflicts the charming difference between purpose
identifiers and purpose indexes (the former minus one) onto the user.
Neither of the two obvious solutions to avoid this trap seems to have
crossed the implementer's mind.

ok jsing

10 months agorevert component_add() change
jsg [Sat, 6 Jan 2024 15:52:13 +0000 (15:52 +0000)]
revert component_add() change
avoids fault in amdgpu_dm_audio_component_bind()
problem reported by matthieu@

10 months agoErgaenzung der fehlenden Jahreszahlen;
schwarze [Sat, 6 Jan 2024 15:38:45 +0000 (15:38 +0000)]
Ergaenzung der fehlenden Jahreszahlen;
Flicken von Lennart Jablonka <humm bei ljabl Punkt com>

10 months agoUnify UFS command function arguments a bit.
mglocker [Sat, 6 Jan 2024 13:23:47 +0000 (13:23 +0000)]
Unify UFS command function arguments a bit.

10 months agovmm(4): reorder segment registers to match SDM.
dv [Sat, 6 Jan 2024 13:17:20 +0000 (13:17 +0000)]
vmm(4): reorder segment registers to match SDM.

Shuffles around the defines so the segment register indexes match
the values used by both Intel and AMD in vm exit information.
Simplifies some upcoming changes.

ok mlarkin@

10 months agoMerge read/write UFS commands in to one single function, since they are very
mglocker [Sat, 6 Jan 2024 13:04:03 +0000 (13:04 +0000)]
Merge read/write UFS commands in to one single function, since they are very
similar.

10 months agoremove stray semicolon
jsg [Sat, 6 Jan 2024 12:52:20 +0000 (12:52 +0000)]
remove stray semicolon
ok kettenis@

10 months agomove struct file_operations to linux/fs.h
jsg [Sat, 6 Jan 2024 12:50:58 +0000 (12:50 +0000)]
move struct file_operations to linux/fs.h
ok kettenis@

10 months agoDo not count packets though multicast loopback and simplex interfaces.
bluhm [Sat, 6 Jan 2024 11:42:11 +0000 (11:42 +0000)]
Do not count packets though multicast loopback and simplex interfaces.

Counting multicast packets sent to local stack or packets that are
reflected by simplex interfaces does not make much sense.  They are
neither received nor output by any ethernet device.  Counting these
packets at lo0 or the loopback interface of the routing domain would
be possible, but is not worth the effort.  Make if_input_local()
MP safe by deleting the if_opackets++ code.

OK mvs@

10 months agoput the real sizes into the "title" attribute so that hovering shows the
espie [Sat, 6 Jan 2024 11:29:00 +0000 (11:29 +0000)]
put the real sizes into the "title" attribute so that hovering shows the
exact value.

adjust/refactor javascript sorter accordingly

10 months agoTake net lock before kernel lock.
bluhm [Sat, 6 Jan 2024 10:58:45 +0000 (10:58 +0000)]
Take net lock before kernel lock.

Doing KERNEL_LOCK() just before NET_LOCK() does not make sense.
Net lock is a rwlock that releases kernel lock during sleep.  To
avoid an unnecessary release and take kernel lock cycle, move
KERNEL_LOCK() after NET_LOCK().
There is no lock order reversal deadlock issue.  Both locks are
used in any order thoughout the kernel.  As NET_LOCK() releases the
kernel lock when it cannot take the lock immediately and has to
sleep, we always end in the order kernel lock before net lock after
sleeping.

OK sashan@

10 months agoAdd more Linux compat code in preparation for the apple KMS driver.
kettenis [Sat, 6 Jan 2024 09:33:08 +0000 (09:33 +0000)]
Add more Linux compat code in preparation for the apple KMS driver.

ok jsg@

10 months agodevel/cargo: add support for installing several different paths
semarie [Sat, 6 Jan 2024 08:03:31 +0000 (08:03 +0000)]
devel/cargo: add support for installing several different paths

rename MODCARGO_INSTALL_TARGET_PATH to MODCARGO_INSTALL_TARGET_PATHS

10 months agoEVP_PKEY_asn1_find_str() tweaks
tb [Fri, 5 Jan 2024 21:22:01 +0000 (21:22 +0000)]
EVP_PKEY_asn1_find_str() tweaks

Switch i to a size_t and improve a flag check. Part of an earlier diff
that was ok jsing but were lost when I reworked the diff.

10 months agoRemove more __syscall() leftovers.
miod [Fri, 5 Jan 2024 19:34:19 +0000 (19:34 +0000)]
Remove more __syscall() leftovers.

10 months agoImprove rtr_send_error() logging and demote the FSM state changes from
claudio [Fri, 5 Jan 2024 11:02:57 +0000 (11:02 +0000)]
Improve rtr_send_error() logging and demote the FSM state changes from
log_info to log_debug.
OK tb@

10 months agoWait until the expected interface state is reached instead of relying on
anton [Fri, 5 Jan 2024 10:37:54 +0000 (10:37 +0000)]
Wait until the expected interface state is reached instead of relying on
arbitrary sleeps. Should hopefully make these tests more stable.

10 months agoevp_key.c: Remove more unnecessary parentheses
tb [Fri, 5 Jan 2024 10:18:52 +0000 (10:18 +0000)]
evp_key.c: Remove more unnecessary parentheses

10 months agoMinor tweaks in EVP_read_pw_string_min()
tb [Fri, 5 Jan 2024 10:15:36 +0000 (10:15 +0000)]
Minor tweaks in EVP_read_pw_string_min()

Remove unnecessary parentheses and use a better place to break an overlong
line.

10 months agoPlug a leak in EVP_read_pw_string_min()
tb [Fri, 5 Jan 2024 10:14:08 +0000 (10:14 +0000)]
Plug a leak in EVP_read_pw_string_min()

Use an error exit that frees the ui in case the UI_add_* fail. Also add
a few empty lines for readability.

ok joshua

10 months agoZap some '#if 0' code which was initially required for debugging.
mglocker [Thu, 4 Jan 2024 21:35:56 +0000 (21:35 +0000)]
Zap some '#if 0' code which was initially required for debugging.

10 months agoSet the interrupt aggregation counter down to 1, which fixes the read
mglocker [Thu, 4 Jan 2024 21:02:30 +0000 (21:02 +0000)]
Set the interrupt aggregation counter down to 1, which fixes the read
performance from ~20MB/s to ~220MB/s.

10 months agoAdjust IPLs to give us more interrupt vectors for IPL_NET. That is where
kettenis [Thu, 4 Jan 2024 20:50:43 +0000 (20:50 +0000)]
Adjust IPLs to give us more interrupt vectors for IPL_NET.  That is where
we need them most since multi-queue NICs seem to be a thing now.

ok patrick@, mlarkin@, jan@

10 months agoDisable EVP_PKEY_meth_* extensibility
tb [Thu, 4 Jan 2024 20:15:01 +0000 (20:15 +0000)]
Disable EVP_PKEY_meth_* extensibility

This removes the global pkey_app_methods stack that was never cleaned up
and makes EVP_PKEY_meth_add0() always fail and push an error on the stack.
EVP_PKEY_meth_find() can now walk the list of PKEY_METHODs forward and
things become a bit cleaner. It's still all way more complicated than it
needs to be...

ok jsing

10 months agoRemove last external call to EVP_PKEY_meth_find()
tb [Thu, 4 Jan 2024 20:02:10 +0000 (20:02 +0000)]
Remove last external call to EVP_PKEY_meth_find()

In order to determine whether GOST is properly enabled, libssl has various
weird dances. In this specific case, it calls EVP_PKEY_meth_find() to see
whether the relevant cipher is around. Check the same thing with an #ifdef
instead.

ok jsing

10 months agomake auto-index better
espie [Thu, 4 Jan 2024 18:17:47 +0000 (18:17 +0000)]
make auto-index better
- make it an actual table
- use "human readable sizes" for the file sizes
- add some decoration and javascript to be able to sort it per-column
(client side) (this means some extra column attribute)
- add glue to facilitate embedding js + css directly in the program
- add some graphical indication for directories
- should still validate as proper html everywhere (custom properties
need to be called data-* for this!)

Work with claudio@ and tb@, many thanks to claudio@ for some of the finer
points of css handling, and tb@ for some fine spaces fixes.

I've tried it with lynx as well, shows up correctly.

One big plus is that the size of columns work as utf-8, so you can expose
filenames without any problems (I've tried it with non-js text navigators
as well as firefox, chromium and friends)

And it looks slightly less yahoo ca. 1995.

It's still "one size fits all". If people object to the current look, adding
httpd.conf(5) properties to override the default css should be easy.

okay claudio@, tb@

10 months agoRemove unused app_data from EVP_CIPHER
tb [Thu, 4 Jan 2024 17:38:36 +0000 (17:38 +0000)]
Remove unused app_data from EVP_CIPHER

The EVP_CIPHER structs are static const data that the library returns when
you call EVP_aes_128_cbc(), for example. It makes no sense whatsoever to
hang user data off such a struct, but it's been there since forever.

ok jsing