tb [Tue, 9 Jul 2024 16:27:48 +0000 (16:27 +0000)]
Spell OPENSSL_zalloc() correctly as calloc()
tb [Tue, 9 Jul 2024 16:26:59 +0000 (16:26 +0000)]
Mechanically replace KDFerr() with KDFerror()
florian [Tue, 9 Jul 2024 16:24:57 +0000 (16:24 +0000)]
Track configured and new prefix delegations in iface.
When the DHCPv6 server renumbers and hands us new delegations we have
to deconfigure the old prefixes. To prevent situations where we have
no IPv6 at all, first configure the new prefixes and then remove the
old prefixes.
tb [Tue, 9 Jul 2024 16:24:47 +0000 (16:24 +0000)]
Add a verbatim copy of tls1_prf.c from OpenSSL 1.1.1
From the last public commit
b372b1f76450acdfed1e2301a39810146e28b02c
of the OpenSSL_1_1_1-stable branch
SHA256 (kdf/tls1_prf.c) = a519d3ff721d4ec59befac8586e24624fa87d9d8f6479327f7af58d652b6e4e5
Will be beat (a little bit) into shape in tree before linking it to the
build.
ok jsing
tb [Tue, 9 Jul 2024 16:20:17 +0000 (16:20 +0000)]
Add various defines for TLS1-PRF
ok jsing
florian [Tue, 9 Jul 2024 16:15:42 +0000 (16:15 +0000)]
Skip prefixes with vltime 0.
Servers indicate unusable prefixes with vltime 0 when we are in
state reboot and probably hand us new, valid prefixes.
In IPv4 dhcp we would receive a NACK instead...
tb [Tue, 9 Jul 2024 16:15:37 +0000 (16:15 +0000)]
Add EVP_PKEY_TLS1_PRF as alias for NID_tls1_prf
ok jsing
tb [Tue, 9 Jul 2024 16:12:33 +0000 (16:12 +0000)]
Choose fixed NID for TLS1-PRF
tb [Tue, 9 Jul 2024 16:12:08 +0000 (16:12 +0000)]
Add NID for TLS1-PRF
ok jsing
mpi [Tue, 9 Jul 2024 16:08:30 +0000 (16:08 +0000)]
Read the whole buffer, not its size minus one.
From Christian Ludwig cludwig at genua.de.
jmatthew [Tue, 9 Jul 2024 16:04:15 +0000 (16:04 +0000)]
netlock is no longer held for SIOCSIFMEDIA and SIOCGIFMEDIA, so rely on
the kernel lock instead, as done in if_ixl.c r1.84.
from Yuichiro NAITO
mlarkin [Tue, 9 Jul 2024 15:51:11 +0000 (15:51 +0000)]
vmctl(8): set exit code for vmctl stat -r
set exit code to 1 if no running VMs are detected with vmctl stat -r.
ok dv
claudio [Tue, 9 Jul 2024 15:20:15 +0000 (15:20 +0000)]
Remove splassert() for now since IPL_STATCLOCK is MD and not all archs have it.
Noticed by bluhm@ on octeon
op [Tue, 9 Jul 2024 14:51:37 +0000 (14:51 +0000)]
document C-u handling on shell-command{,-on-region}, forgot in previous
krw [Tue, 9 Jul 2024 14:47:21 +0000 (14:47 +0000)]
Removing 'softdep' options from fstab entries during upgrade is no longer
necessary as 'softdep' is now a no-op.
ok beck@ sthen@
op [Tue, 9 Jul 2024 14:46:17 +0000 (14:46 +0000)]
mg: handle C-u in M-! and M-|
With the C-u modifier, these commands (respectively shell-command
and shell-command-on-region) will operate in-place instead of opening
a special buffer with the result.
ok and lots of feedback from florian@
(signature for iomux and preadin changed after the ok -- the buffer
pointer was no longer needed)
beck [Tue, 9 Jul 2024 13:43:57 +0000 (13:43 +0000)]
Don't push the error stack in ssl_sigalg_select()
Doing so breaks certificate selection if a TLS 1.3 client does not support
EC certs, and needs to fall back to RSA.
ok tb@
florian [Tue, 9 Jul 2024 13:27:18 +0000 (13:27 +0000)]
remove unused prototype
bentley [Tue, 9 Jul 2024 13:05:15 +0000 (13:05 +0000)]
Document MODFONT_DOCDIR and MODFONT_DOCFILES.
beck [Tue, 9 Jul 2024 12:27:27 +0000 (12:27 +0000)]
Fix TLS key share check to not fire when using < TLS 1.3
The check was being too aggressive and was catching us when the
extension was being sent by a client which supports tls 1.3 but
the server was capped at TLS 1.2. This moves the check after the
max version check, so we won't error out if we do not support
TLS 1.3
Reported by obsd@bartula.de
ok tb@
deraadt [Tue, 9 Jul 2024 11:21:44 +0000 (11:21 +0000)]
do not need to force bss values to 0
deraadt [Tue, 9 Jul 2024 11:15:58 +0000 (11:15 +0000)]
do a manual ret-clean operation inside the vmm_dispatch_intr asm code
ok mlarkin
tb [Tue, 9 Jul 2024 10:51:14 +0000 (10:51 +0000)]
sync with userland: let z_off_t fall back to long long instead of long
In the boot blocks, this would result in various 64-bit instructions being
used, which might result in undesirable bloat in legacy boot loaders, so
add a workaround for the _STANDALONE case to still fall back to long
instead of long long.
with/ok deraadt, ok millert
tb [Tue, 9 Jul 2024 10:48:31 +0000 (10:48 +0000)]
Let z_off_t fall back to long long instead of only long
This is a noop on OpenBSD in userland
ok deraadt millert
beck [Tue, 9 Jul 2024 09:39:14 +0000 (09:39 +0000)]
Actually enable namespaced builds in both libcrypto and libssl
(instead of committing only one part)
bluhm [Tue, 9 Jul 2024 09:33:13 +0000 (09:33 +0000)]
IPv6 forward copies small packet content on the stack.
Unfortunately RFC 4443 demands that the ICMP6 error packet containing
the original packet is up to 1280 bytes long. That means for every
forwarded packet forward() creates a mbuf copy, just in case delivery
fails.
For small packets we can copy the content on the stack like IPv4
forward does. This saves us some mbuf allocations if the content
is shorter than the mbuf data size.
OK mvs@
dv [Tue, 9 Jul 2024 09:31:37 +0000 (09:31 +0000)]
vmd/vmm: move vm_run_params into mi header.
To prepare for mi/md splitting vmd, need to fixup the dev/vmm/vmm.h
mi header. Move the vm_run_params struct and clean up the includes
in vmd.
"sure", mlarkin@
claudio [Tue, 9 Jul 2024 09:22:50 +0000 (09:22 +0000)]
Reshuffle the switch cases in ptsignal and single_thread_set to be
in the order needed for future changes. No functional change.
OK mpi@
kettenis [Tue, 9 Jul 2024 08:47:10 +0000 (08:47 +0000)]
Implement MSI multiple-vector support.
ok patrick@
claudio [Tue, 9 Jul 2024 08:44:36 +0000 (08:44 +0000)]
In sched_toidle() only call the TRACEPOINT if curproc is set.
sched_toidle() is called by cpu_hatch() to start APs and then curproc
may be NULL.
OK mpi@
tb [Tue, 9 Jul 2024 07:57:57 +0000 (07:57 +0000)]
Add bounded attributes to hmac.h
ok beck
deraadt [Tue, 9 Jul 2024 07:51:09 +0000 (07:51 +0000)]
KNF a pile of else if blocks; ok tb
beck [Tue, 9 Jul 2024 07:39:21 +0000 (07:39 +0000)]
Enable namespaced builds by default for libssl and libcrypto.
Some further refinements will happen to the build process to
automatically generate the Symbols.namespace file, and to remove
our last public unhidden symbol (which was a mistake, but waits for
a major bump to get removed)
But for now everything should be using this.
ok tb@
mlarkin [Tue, 9 Jul 2024 07:28:12 +0000 (07:28 +0000)]
Remove trailing whitespace. No code change.
beck [Tue, 9 Jul 2024 07:17:13 +0000 (07:17 +0000)]
Hide remaining unused ERR functions in err.h
ok tb@
beck [Tue, 9 Jul 2024 07:16:44 +0000 (07:16 +0000)]
Hide CRYPTO_get_dynlock_create_callback
ok tb@
beck [Tue, 9 Jul 2024 07:16:13 +0000 (07:16 +0000)]
Hide DES global variables
ok tb@
beck [Tue, 9 Jul 2024 07:15:39 +0000 (07:15 +0000)]
Add missing symbols to Symbols.namespace
ok tb@
beck [Tue, 9 Jul 2024 07:14:26 +0000 (07:14 +0000)]
Remove duplicates from Symbols.namespace
ok tb@
beck [Tue, 9 Jul 2024 06:14:59 +0000 (06:14 +0000)]
Hide symbols for two missed public functions in bio.h
ok tb@
beck [Tue, 9 Jul 2024 06:13:22 +0000 (06:13 +0000)]
Hide global _it symbols in pkcs12.h
ok tb@
beck [Tue, 9 Jul 2024 06:12:45 +0000 (06:12 +0000)]
Hide global _it symbols in cms.h
ok tb@
jmc [Tue, 9 Jul 2024 05:19:41 +0000 (05:19 +0000)]
point mount -> mount point;
from netbsd -r1.46/pgoyette
jsg [Tue, 9 Jul 2024 04:42:48 +0000 (04:42 +0000)]
change format strings to fix SEM_DEBUG build
jsg [Tue, 9 Jul 2024 03:21:47 +0000 (03:21 +0000)]
spelling
jsg [Tue, 9 Jul 2024 01:21:19 +0000 (01:21 +0000)]
fix disasm of fucompp
when merging changes from FreeBSD in i386 rev 1.10
db_Esca5 was added but not used
ok mlarkin@
dv [Mon, 8 Jul 2024 17:33:45 +0000 (17:33 +0000)]
Quiet vmd in debug logging mode. We don't need to hear about handled
page faults.
sure, @mlarkin.
beck [Mon, 8 Jul 2024 17:11:05 +0000 (17:11 +0000)]
Hide global _it symbols in dsa.h
ok tb@
beck [Mon, 8 Jul 2024 17:10:18 +0000 (17:10 +0000)]
Hide global _it symbols in rsa.h
ok tb@
beck [Mon, 8 Jul 2024 17:01:54 +0000 (17:01 +0000)]
Guard variable declarations to unbreak non-namespaced builds.
ok tb@
beck [Mon, 8 Jul 2024 16:24:22 +0000 (16:24 +0000)]
Hide global _it symbols in asn1t.h
ok tb@
beck [Mon, 8 Jul 2024 16:23:27 +0000 (16:23 +0000)]
Hide global _it symbols in pkcs7.h
ok tb@
mpi [Mon, 8 Jul 2024 16:15:42 +0000 (16:15 +0000)]
Remove the KASSERT() in sched_unpeg_curproc().
This fixes rebooting a GENERIC.MP kernel on SP machines because unpeg is out
of the loop in smr_thread().
tb [Mon, 8 Jul 2024 16:11:47 +0000 (16:11 +0000)]
x509_pubkey_get_ski() should support non-rsa keys
for now add an XXX reminder.
Pointed out by job a while back
ratchov [Mon, 8 Jul 2024 16:10:34 +0000 (16:10 +0000)]
aucat: check for failed allocation
From Nihal Jere <nihal@nihaljere.xyz>, thanks!
krw [Mon, 8 Jul 2024 16:07:36 +0000 (16:07 +0000)]
Don't check op_q_alloc for non-NULL before invoking op_q_free.
Check op_q_free for non-NULL instead.
Neither are currently set to non-NULL anywhere.
ok jmatthew@
tb [Mon, 8 Jul 2024 15:31:58 +0000 (15:31 +0000)]
Ensure that the rpkiManifest is a file in the caRepository
discussed with jca and job
ok claudio
tb [Mon, 8 Jul 2024 15:31:11 +0000 (15:31 +0000)]
Normalize the rsync caRepository to contain a trailing slash
discussed with jca
ok claudio
jmc [Mon, 8 Jul 2024 15:02:28 +0000 (15:02 +0000)]
remove a further spkac reference; ok tb
beck [Mon, 8 Jul 2024 14:53:11 +0000 (14:53 +0000)]
Hide global _it variables in ocsp.h
ok tb@
beck [Mon, 8 Jul 2024 14:52:31 +0000 (14:52 +0000)]
Hide global _it variables in asn1.h
ok tb@
beck [Mon, 8 Jul 2024 14:48:49 +0000 (14:48 +0000)]
Hide global _it variables in x509.h
ok tb@
beck [Mon, 8 Jul 2024 14:47:44 +0000 (14:47 +0000)]
Hide global _it variables in x509v3.h
ok tb@
ajacoutot [Mon, 8 Jul 2024 14:47:42 +0000 (14:47 +0000)]
Use install -F instead of cat(1); no clue what I was thinking.
ok robert@
mpi [Mon, 8 Jul 2024 14:46:47 +0000 (14:46 +0000)]
Introduce sched_unpeg_curproc() to abstract the current implementation.
ok kettenis@, mlarkin@, miod@, claudio@
op [Mon, 8 Jul 2024 14:33:29 +0000 (14:33 +0000)]
mg: fix auto-indent-mode with custom tab widths
dointent() didn't know about set-tab-width so it was mis-indenting
the lines. Diff from Mark Willson (mark dot willson at hydrus.org.uk),
with a tiny change by me.
ajacoutot [Mon, 8 Jul 2024 14:32:44 +0000 (14:32 +0000)]
Prevent rewriting /etc/rc.conf.local unconditionally. Compare the new and old
ones and do nothing if they match.
This means that "rcctl enable foobar" will not touch anything if foobar is
already enabled.
spotted by robert@ using Saltstack (that runs "rcctl enable ..." on a regular
basis).
ok robert@
florian [Mon, 8 Jul 2024 14:22:09 +0000 (14:22 +0000)]
cleanup unused variable
op [Mon, 8 Jul 2024 14:15:33 +0000 (14:15 +0000)]
add TSF
florian [Mon, 8 Jul 2024 13:46:33 +0000 (13:46 +0000)]
IN_MULTICAST uses host byte order
I somehow missed this when ripping out 3 layers of indirections.
from niklas
claudio [Mon, 8 Jul 2024 13:18:26 +0000 (13:18 +0000)]
Adjust code since FILL_KPROC() got another argument since struct tusage
accounting was modified.
OK dlg@ jca@
claudio [Mon, 8 Jul 2024 13:17:11 +0000 (13:17 +0000)]
Rework per proc and per process time usage accounting
For procs (threads) the accounting happens now lockless by curproc using
a generation counter. Callers need to use tu_enter() and tu_leave() for this.
To read the proc p_tu struct tuagg_get_proc() should be used. It ensures
that the values read is consistent.
For processes only the time of exited threads is accumulated in ps_tu and
to get the proper process time usage tuagg_get_process() needs to be called.
tuagg_get_process() will sum up all procs p_tu plus the ps_tu.
This removes another SCHED_LOCK() dependency. Adjust the code in
exit1() and exit2() to correctly account for the full run time.
For this adjust sched_exit() to do the runtime accounting like it is done
in mi_switch().
OK jca@ dlg@
claudio [Mon, 8 Jul 2024 09:15:05 +0000 (09:15 +0000)]
Fix comment for exit2() this code is called by sched_idle() not cpu_exit().
The note can be removed but add a comment that since this is called from
the idle process exit2() is not allowed to sleep.
OK jca@
landry [Mon, 8 Jul 2024 08:07:45 +0000 (08:07 +0000)]
octeon/cnmac: assume 1Gbps in the default case
avoids a division by 0 when up'ing the non-working cnmac2 on er-poe
feedback from visa@:
"The cnmac2 link is connected to a discrete Ethernet switch chip on the
PoE, and this link does not carry RGMII in-band PHY status. If the code
were to support such hardware designs in the future, something like this
patch would be needed."
this diff from miod@, same diff from visa@ in 2017
(cf https://marc.info/?l=openbsd-bugs&m=151017517115440&w=2)
ok visa@
jca [Mon, 8 Jul 2024 06:57:37 +0000 (06:57 +0000)]
Pretend to clarify the way ipv6_asc() works
Give example IPv6 addresses to clarify what is meant with 1, 2 or 3 zero
length elements.
tb made me look.
perverted, twisted, crippled
tb [Mon, 8 Jul 2024 06:00:34 +0000 (06:00 +0000)]
Adjust regress for SPKAC removal
ok jsing
tb [Mon, 8 Jul 2024 06:00:09 +0000 (06:00 +0000)]
Adjust manpage for SPKAC removal
ok jsing
tb [Mon, 8 Jul 2024 05:59:10 +0000 (05:59 +0000)]
Remove spkac subcommand
Google killed efforts to have SPKAC in html5 by zapping it from chrome
a decade ago. This effort doesn't look like it's going anywhere:
https://datatracker.ietf.org/doc/draft-leggett-spkac/
Unfortunately, PHP and Ruby still support NETSCAPE_SPKI, so we can't
kill that code, but I see no real reason we need to support this in our
openssl command. If the need should arise we can write a somewhat less
poor version of this.
ok jsing
tb [Mon, 8 Jul 2024 05:56:17 +0000 (05:56 +0000)]
Remove spkac handling from openssl(1) ca
This is very poorly written code and now the only consumer of some
public API that should not have survived the turn of the millennium.
ok jsing
djm [Mon, 8 Jul 2024 03:04:34 +0000 (03:04 +0000)]
don't need return at end of void function
jsg [Mon, 8 Jul 2024 02:20:29 +0000 (02:20 +0000)]
drm/amdgpu/atomfirmware: fix parsing of vram_info
From Alex Deucher
01f58871af9c2cffcb57b77336994e6bfe37c1f0 in linux-6.6.y/6.6.37
f6f49dda49db72e7a0b4ca32c77391d5ff5ce232 in mainline linux
jsg [Mon, 8 Jul 2024 02:18:34 +0000 (02:18 +0000)]
drm/amd/display: Send DP_TOTAL_LTTPR_CNT during detection if LTTPR is present
From Michael Strauss
89d8a851543e1aab6ea5c8a06d02dbe982948508 in linux-6.6.y/6.6.37
2ec6c7f802332d1eff16f03e7c757f1543ee1183 in mainline linux
jsg [Mon, 8 Jul 2024 02:15:57 +0000 (02:15 +0000)]
drm/i915/gt: Fix potential UAF by revoke of fence registers
From Janusz Krzysztofik
06dec31a0a5112a91f49085e8a8fa1a82296d5c7 in linux-6.6.y/6.6.37
996c3412a06578e9d779a16b9e79ace18125ab50 in mainline linux
jsg [Mon, 8 Jul 2024 02:13:36 +0000 (02:13 +0000)]
drm/fbdev-dma: Only set smem_start is enable per module option
From Thomas Zimmermann
f29fcfbf6067c0d8c83f84a045da9276c08deac5 in linux-6.6.y/6.6.37
d92a7580392ad4681b1d4f9275d00b95375ebe01 in mainline linux
jsg [Mon, 8 Jul 2024 02:10:48 +0000 (02:10 +0000)]
drm/drm_file: Fix pid refcounting race
From Jann Horn
16682588ead4a593cf1aebb33b36df4d1e9e4ffa in linux-6.6.y/6.6.37
4f2a129b33a2054e62273edd5a051c34c08d96e9 in mainline linux
jsg [Mon, 8 Jul 2024 02:08:07 +0000 (02:08 +0000)]
drm/amdgpu: Fix pci state save during mode-1 reset
From Lijo Lazar
f16c10e05f1406576ddcb8dc598a661522959f75 in linux-6.6.y/6.6.37
74fa02c4a5ea1ade5156a6ce494d3ea83881c2d8 in mainline linux
jsg [Mon, 8 Jul 2024 02:06:11 +0000 (02:06 +0000)]
drm/radeon/radeon_display: Decrease the size of allocated memory
From Erick Archer
41e58607a57c4c9963e2c736e1a8c90141207b69 in linux-6.6.y/6.6.37
ae6a233092747e9652eb793d92f79d0820e01c6a in mainline linux
patrick [Sun, 7 Jul 2024 09:38:44 +0000 (09:38 +0000)]
Add device tree mapping for Lenovo Yoga Slim 7x.
ok kettenis@
jsg [Sun, 7 Jul 2024 03:03:09 +0000 (03:03 +0000)]
remove unused i386_spurious()
jsg [Sun, 7 Jul 2024 01:39:06 +0000 (01:39 +0000)]
remove unused ufs_ihashlookup()
ok mlarkin@
jmc [Sat, 6 Jul 2024 15:33:17 +0000 (15:33 +0000)]
rework the "random" text:
- add "~" to the valid field table, as pointed out by sthen
- note that the value is generated whenever the tab is loaded,
as requested by K R
- clarify the text, as pointed out by deraadt
ok stehn millert
jsg [Sat, 6 Jul 2024 10:39:50 +0000 (10:39 +0000)]
remove ampintc_intr_string(), unused on arm64
ok mlarkin@ kettenis@
jsg [Sat, 6 Jul 2024 09:53:25 +0000 (09:53 +0000)]
remove unused nfs_null()
ok miod@ mlarkin@
landry [Sat, 6 Jul 2024 06:15:17 +0000 (06:15 +0000)]
octeon/cnmac: Skip the switch port (cnmac2) on the 5-ports EdgeRouter POE
it doesn't work as is and would need a separate driver?
based on a 2017 diff from visa@
ok visa@
patrick [Sat, 6 Jul 2024 05:34:35 +0000 (05:34 +0000)]
Fix last commit; the flag has a slightly different prefix
patrick [Fri, 5 Jul 2024 22:53:57 +0000 (22:53 +0000)]
When trying to enable multiple MSI vectors, check the flag first whether
or not it's supported. This allows qwx(4) to properly handle missing
support for that and switch back to a single MSI vector.
ok kettenis@
patrick [Fri, 5 Jul 2024 22:52:25 +0000 (22:52 +0000)]
On Qualcomm machines, make use of the in-built MSI functionality in case
we don't have an msi-map pointing us to the GIC-MSI. This enables MSIs
on the Snapdragon X Elite or the Lenovo x13s in case it's running an
unpatched DTB.
ok kettenis@
patrick [Fri, 5 Jul 2024 21:24:13 +0000 (21:24 +0000)]
Only call qwx_dp_service_srng() if ext irq is enabled. It would be nicer
if we could simply call the ext irq handler which already does that, but
that is requiring the irq groups to be set up to point to our softc, so
let's just check it again. This allows single-msi vectors to behave.
ok stsp@
jsg [Fri, 5 Jul 2024 05:42:08 +0000 (05:42 +0000)]
remove unused vn_isdisk(), added for softdep
ok kn@
djm [Thu, 4 Jul 2024 22:53:59 +0000 (22:53 +0000)]
fix grammar: "a pattern lists" -> "one or more pattern lists"