openbsd
krw [Thu, 15 Jul 2021 21:23:54 +0000 (21:23 +0000)]
Consolidate disk geometry fiddling, turning -l/-c/-h/-s values into MBR
partition geometry info, into DISK_open(). Resulting in clearer logic.

No intentional functional change.

deraadt [Thu, 15 Jul 2021 15:37:55 +0000 (15:37 +0000)]
more space savings

deraadt [Thu, 15 Jul 2021 15:33:47 +0000 (15:33 +0000)]
space savings on install kernels.  (restore and ralink drivers+firmware go
away)

inoguchi [Thu, 15 Jul 2021 12:41:49 +0000 (12:41 +0000)]
Wrap over 80 long lines in ca.c

inoguchi [Thu, 15 Jul 2021 11:43:27 +0000 (11:43 +0000)]
Explicitly check pointer variable if it is NULL or not in ca.c

job [Thu, 15 Jul 2021 11:07:33 +0000 (11:07 +0000)]
Fix regress for rpki-client

spotted by bluhm

inoguchi [Thu, 15 Jul 2021 10:26:43 +0000 (10:26 +0000)]
Remove space between '*' and pointer variable in ca.c

inoguchi [Thu, 15 Jul 2021 10:15:22 +0000 (10:15 +0000)]
Use 'serial' rather than 'ser' in ca.c

input from jsing@

inoguchi [Thu, 15 Jul 2021 09:56:32 +0000 (09:56 +0000)]
Convert openssl(1) ca option handling

New option handling for openssl(1) ca.
This diff is just replacing with new option handling, no functional change.
I'm using the word DN or RDN in description as manual uses them, rather than
replacing with "Distinguished Name" or "Relative Distinguished Name".

I would like to add other fixes below by follow-up diffs.
- remove space between '*' and pointer variable
- wrap 80+ long lines
- explicitly check pointer variable if it is NULL or not

comments and ok from jsing@

claudio [Thu, 15 Jul 2021 06:57:02 +0000 (06:57 +0000)]
UNVEIL_INSPECT is no longer needed, adjust code accordingly.
OK semarie@

jsg [Thu, 15 Jul 2021 01:24:07 +0000 (01:24 +0000)]
drm/amd/dc: Fix a missing check bug in dm_dp_mst_detect()

From Yingjie Wang
5885fce7b43919406b32d1c942c9b496aac3abbc in linux 5.10.y/5.10.50
655c0ed19772d92c9665ed08bdc5202acc096dda in mainline linux

jsg [Thu, 15 Jul 2021 01:20:28 +0000 (01:20 +0000)]
drm/bridge: Fix the stop condition of drm_bridge_chain_pre_enable()

From Douglas Anderson
0cd39c96574d19e234cee971868c82c3769c2ee6 in linux 5.10.y/5.10.50
bab5cca7e609952b069a550e39fe4893149fb658 in mainline linux

tobhe [Wed, 14 Jul 2021 22:39:26 +0000 (22:39 +0000)]
Export SA replay counters via pfkey and print with ipsecctl.
This is useful for debugging replay window issues with 64 bit
sequence numbers in IPsec.

ok bluhm@

bluhm [Wed, 14 Jul 2021 22:09:24 +0000 (22:09 +0000)]
After VFS shutdown, init(8) cannot map a missing page that contains
the signal handler code.  Traditionally a process would spin in
such a case, but we changed the logic in revision 1.167 trapsignal()
to receive a fatal signal.  If that happens to init(8), the kernel
panics.  In case of reboot, jump between init signal handler and
page fault trap until the kernel resets the machine.
reported and tested weerd@; OK deraadt@

bluhm [Wed, 14 Jul 2021 21:07:36 +0000 (21:07 +0000)]
Resend the TCP packet only if the MTU locked flag appears at the
route and was not there before.  This should prevent a recursion
in path MTU discovery with TCP over IPsec.
reported and tested Matthias Schmidt; tested and OK tobhe@

bluhm [Wed, 14 Jul 2021 18:23:11 +0000 (18:23 +0000)]
Shrink cluster size for FAT32 to fulfil the new minimum cluster
limit of newfs_msdos for our small 64 MB vnd disk image.
suggested by jsg@

bluhm [Wed, 14 Jul 2021 17:58:51 +0000 (17:58 +0000)]
LibreSSL error message has changed, adapt test.

kn [Wed, 14 Jul 2021 13:33:57 +0000 (13:33 +0000)]
Remove unneeded calls to tls_init(3)

As per the manual and lib/libtls/tls.c revision 1.79 from 2018
"Automatically handle library initialisation for libtls." initialisation
is handled automatically by other tls_*(3) functions.

Remove explicit tls_init() calls from base to not give the impression of
it being needed.

Feedback tb
OK Tests mestre

claudio [Wed, 14 Jul 2021 11:14:27 +0000 (11:14 +0000)]
Restructure the getopt_long options. Sort them mostly by name with the
exception of no-xyz options that are grouped with the corresponding xyz
option. Fix --no-motd to use the internal flag setting of getopt_long.
Also use some defines instead of numbers for pure long options that
need special handling.
OK benno@

jsg [Wed, 14 Jul 2021 09:56:17 +0000 (09:56 +0000)]
timeout_add() always sets a new expiry time unrelated to the previous
one and requeues as needed so no need to call timeout_del() before
timeout_add()

spotted by kettenis@

nicm [Wed, 14 Jul 2021 08:56:00 +0000 (08:56 +0000)]
Move default value for TERM into tmux.h.

jmc [Wed, 14 Jul 2021 06:46:38 +0000 (06:46 +0000)]
reorder SessionType; ok djm

jsg [Wed, 14 Jul 2021 05:42:47 +0000 (05:42 +0000)]
When mod_timer() is called with a value less than or equal to the
current number of jiffies delete the timeout and reschedule for the next
tick.  Avoids timeout_add() failing the ticks >= 0 assertion when
mod_timer() is called from i915_utils.c set_timer_ms().

Reported and earlier version tested by Tom Murphy on Kaby Lake R.

anton [Wed, 14 Jul 2021 05:04:08 +0000 (05:04 +0000)]
Adjust expected certificate error message. Caused by recent work to support
partial chains in libcrypto.

ok bluhm@

daniel [Wed, 14 Jul 2021 01:11:13 +0000 (01:11 +0000)]
fix "logically dead code" flagged by coverity

It looks like twe was refactored in 2011 and one error check was missed.
While the device may no longer be widely used, this helps reduce the
coverity alert count.

CID 1453371

ok krw@

djm [Tue, 13 Jul 2021 23:48:36 +0000 (23:48 +0000)]
add a SessionType directive to ssh_config, allowing the configuration
file to offer equivalent control to the -N (no session) and -s
(subsystem) command-line flags.

Part of GHPR#231 by Volker Diels-Grabsch with some minor tweaks;
feedback and ok dtucker@

krw [Tue, 13 Jul 2021 22:10:20 +0000 (22:10 +0000)]
No need to manually reinvent nitems() 5 times to scan part_types.

No functional change.

nicm [Tue, 13 Jul 2021 22:09:29 +0000 (22:09 +0000)]
Give #() commands a one second grace period where the output is empty
before telling the user they aren't doing anything. GitHub issue 2774.

patrick [Tue, 13 Jul 2021 22:08:50 +0000 (22:08 +0000)]
Ensure that we don't overrun the TX FIFO for longer transfers.  Check
the limit after every character, and wait for the FIFO to empty before
sending out more bytes.  With this I can now use ipmitool(1) to change
IPMI passwords on the Ampere eMAG.

ok kettenis@

tb [Tue, 13 Jul 2021 19:28:05 +0000 (19:28 +0000)]
Beauharnios -> Beauharnois

job [Tue, 13 Jul 2021 18:39:39 +0000 (18:39 +0000)]
Add more checks for eContent 'version' fields.

Input from deraadt@, tb@, claudio@

OK deraadt@ claudio@ tb@

mvs [Tue, 13 Jul 2021 17:50:19 +0000 (17:50 +0000)]
Fix TIMEOUT_INITIALIZER_{FLAGS,KCLOCK}() macro.

ok cheloha@

deraadt [Tue, 13 Jul 2021 16:49:32 +0000 (16:49 +0000)]
modernize province abbreviations

deraadt [Tue, 13 Jul 2021 15:32:59 +0000 (15:32 +0000)]
update canadian area codes according to cnac.ca

krw [Tue, 13 Jul 2021 15:03:34 +0000 (15:03 +0000)]
Disk sector addresses are normally stored/provided in uint64_t
variables/parameters, not off_t.

Adjust various parameters and variables accordingly. A few missed const's
and verbiage tweaks in passing.

No functional change.

deraadt [Tue, 13 Jul 2021 13:18:03 +0000 (13:18 +0000)]
sync

krw [Tue, 13 Jul 2021 11:18:25 +0000 (11:18 +0000)]
Replace a stray use of letoh64() on gh_part_num and
gh_part_size, which are uint32_t fields, with letoh32().

nicm [Tue, 13 Jul 2021 10:38:57 +0000 (10:38 +0000)]
Only use client for sizing when not detached, GitHub issue 2772.

claudio [Tue, 13 Jul 2021 08:44:18 +0000 (08:44 +0000)]
Order the MRT table dump versions by preference also the text refers
to the latter two (table-mp and table) to be only available for
compatibility. People should really only use table-v2 since it is
the only method which will properly dump everything.

mvs [Tue, 13 Jul 2021 08:16:17 +0000 (08:16 +0000)]
Remove unused `PolicyHead' from 'sockaddr_encap' structure.

ok tobhe@

visa [Tue, 13 Jul 2021 07:37:50 +0000 (07:37 +0000)]
Add f_modify and f_process callbacks to FIFO filterops.

OK millert@ mpi@

krw [Mon, 12 Jul 2021 22:18:54 +0000 (22:18 +0000)]
Toss 'const' in anywhere the compiler doesn't complain about, thus identifying
places that *should* be const but currently aren't and preventing the rot from
spreading further while those issues are dealt with.

No functional change.

matthieu [Mon, 12 Jul 2021 19:11:42 +0000 (19:11 +0000)]
Add uaudio(4) and umidi(4). ok kettenis@, mlarkin@

krw [Mon, 12 Jul 2021 18:31:53 +0000 (18:31 +0000)]
Final batch of struct field name tweaks. 'cmd_' for cmd, 'ut_' for
unit_types, 'pt_' for part_type, 'pg_' for protected_guid.

No functional change.

schwarze [Mon, 12 Jul 2021 15:56:54 +0000 (15:56 +0000)]
new manual page X509_print_ex(3)

beck [Mon, 12 Jul 2021 15:12:38 +0000 (15:12 +0000)]
Use the x509_verify_cert_cache_extensions function instead of manually
calling the OpenSSL legacy cache extensions goo.

Requested by tb@
ok tb@

beck [Mon, 12 Jul 2021 15:09:18 +0000 (15:09 +0000)]
Change the error reporting pattern throughout the tree when unveil
fails to report the path that the failure occurred on. Suggested by
deraadt@ after some tech discussion.

Work done and verified by Ashton Fagg <ashton@fagg.id.au>

ok deraadt@ semarie@ claudio@

schwarze [Mon, 12 Jul 2021 14:54:00 +0000 (14:54 +0000)]
document X509V3_extensions_print(3)

krw [Mon, 12 Jul 2021 14:06:19 +0000 (14:06 +0000)]
Add 'dk_' prefix to struct disk field names.

No functional change.

daniel [Mon, 12 Jul 2021 12:24:41 +0000 (12:24 +0000)]
fix "evaluation order violation" flagged by coverity

Coverity flagged the self-assignment introduced in the previous commit.
This is CID 1505120.

ok kevlo@

schwarze [Mon, 12 Jul 2021 11:47:01 +0000 (11:47 +0000)]
document X509V3_EXT_print(3)

visa [Mon, 12 Jul 2021 09:32:37 +0000 (09:32 +0000)]
Remember to set CPUF_RUNNING on secondary CPUs.

visa [Mon, 12 Jul 2021 09:29:18 +0000 (09:29 +0000)]
Make hw_cpu_hatch() more similar on loongson and octeon.

dtucker [Mon, 12 Jul 2021 06:22:57 +0000 (06:22 +0000)]
Make limit for time_t test unconditional in the format_absolute_time
fix for bz#3329 that allows printing of timestamps past INT_MAX.
This was incorrectly included with the previous commit.   Based on
discussion with djm@.

dtucker [Mon, 12 Jul 2021 06:08:57 +0000 (06:08 +0000)]
Use existing format_absolute_time() function when printing cert validity
instead of doing it inline.  Part of bz#3329.

jsg [Mon, 12 Jul 2021 06:07:33 +0000 (06:07 +0000)]
wrap a long line

djm [Mon, 12 Jul 2021 02:12:22 +0000 (02:12 +0000)]
fix some broken tests; clean up output

krw [Sun, 11 Jul 2021 20:51:50 +0000 (20:51 +0000)]
Add 'prt_' prefix to struct prt field names.

Use 'dp' instead of 'prt' for struct dos_partition *
parameters, and 'prt' instead of 'partn' for struct prt *
parameters.

No functional change.

mortimer [Sun, 11 Jul 2021 20:32:00 +0000 (20:32 +0000)]
Optimize gadget fixups for MOV instructions.

Instead of swapping registers around, we can just use the REV version of
the same instruction, which has the same effect but encodes differently and
does not result in return bytes in the binary. This reduces the number
of xchg instructions resulting from gadget fixing.

Prompted by ratchov@, with input from millert@ and sthen@.

ok sthen@

beck [Sun, 11 Jul 2021 20:18:07 +0000 (20:18 +0000)]
While the traditional OpenSSL return value and behaviour of BIO_dump(3)
is pure comedy gold, and now documented as such, sadly this bit of pure
Muppet genius can't really in good conscience stay in the tree as is.

Change BIO_dump to always return the number of bytes printed on success
and to stop printing and return -1 on failure if a writing function
fails.

ok tb@, jsing@

krw [Sun, 11 Jul 2021 19:43:19 +0000 (19:43 +0000)]
Add 'mbr_' prefix to struct mbr field names.

Change 'offset' to mbr_lba_self and 'reloffset'
to mbr_lba_firstembr to make their use more evident.
Adjust a few parameter names to match.

Change 'part[]' to mbr_prt[] to reflect that it is an
array of struct prt.

No functional change.

schwarze [Sun, 11 Jul 2021 19:03:45 +0000 (19:03 +0000)]
new manual page ASN1_parse_dump(3)

kettenis [Sun, 11 Jul 2021 15:39:58 +0000 (15:39 +0000)]
Correct various min/max cluster numbers for FAT12/16/32.  From NetBSD.

ok krw@, jsg@

deraadt [Sun, 11 Jul 2021 15:32:48 +0000 (15:32 +0000)]
sync

schwarze [Sun, 11 Jul 2021 15:30:21 +0000 (15:30 +0000)]
document ASN1_get_object(3)

krw [Sun, 11 Jul 2021 13:51:42 +0000 (13:51 +0000)]
Move ask_cmd(), ask_num(), ask_pid(), ask_string(), parse_b()
and crc32().

No functional change.

krw [Sun, 11 Jul 2021 13:38:27 +0000 (13:38 +0000)]
Add tabs to make variable declarations easier
to read.

No functional change.

krw [Sun, 11 Jul 2021 13:23:18 +0000 (13:23 +0000)]
Add tabs to make struct definitions and function prototypes easier
to read.

No functional change.

krw [Sun, 11 Jul 2021 12:51:36 +0000 (12:51 +0000)]
'return' is not a function call.

No functional change.

jasper [Sun, 11 Jul 2021 12:21:52 +0000 (12:21 +0000)]
convert db_addr_t to vaddr_t

jsg [Sun, 11 Jul 2021 04:34:13 +0000 (04:34 +0000)]
correct comment
from Jonathan Kollasch in NetBSD

jasper [Sat, 10 Jul 2021 18:46:39 +0000 (18:46 +0000)]
tweak indentation of conditional in db_validate_address().
this also matches arm64 now/again.

schwarze [Sat, 10 Jul 2021 17:45:16 +0000 (17:45 +0000)]
Fix a read buffer overrun in X509_CERT_AUX_print(3),
which by implication also affects X509_print(3).

The ASN1_STRING_get0_data(3) manual explicitly cautions the reader
that the data is not necessarily NUL-terminated, and the function
X509_alias_set1(3) does not sanitize the data passed into it in
any way either, so we must assume the alias->data field is merely
a byte array and not necessarily a string in the sense of the C
language.

I found this bug while writing manual pages for these functions.

OK tb@

As an aside, note that the function still produces incomplete and
misleading results when the data contains a NUL byte in the middle
and that error handling is consistently absent throughout, even
though the function provides an "int" return value obviously intended
to be 1 for success and 0 for failure, and even though this function
is called by another function that also wants to return 1 for success
and 0 for failure and even does so in many of its code paths, though
not in others.  But let's stay focussed.  Many things would be nice
to have in the wide wild world, but a buffer overflow must not be
allowed to remain in our backyard.

mpi [Sat, 10 Jul 2021 16:32:01 +0000 (16:32 +0000)]
Pass expected result first when diff(1)ing for result.

schwarze [Sat, 10 Jul 2021 15:56:18 +0000 (15:56 +0000)]
new manual page BIO_dump(3)

beck [Sat, 10 Jul 2021 15:52:59 +0000 (15:52 +0000)]
Add a bunch of workarounds in the verifier to support partial chains and
the saving of the first error case so that the "autochain" craziness from
openssl will work with the new verifier. This should allow the new verification
code to work with a bunch of the autochain using cases in some software.
(and should allow us to stop using the legacy verifier with autochain)

ok tb@

tobhe [Sat, 10 Jul 2021 15:05:22 +0000 (15:05 +0000)]
Add test case for single static address in configuration payload in
addition to existing "config address" test that uses an address pool.

anton [Sat, 10 Jul 2021 12:25:46 +0000 (12:25 +0000)]
honor objdir

anton [Sat, 10 Jul 2021 07:10:31 +0000 (07:10 +0000)]
minor nits:
* compile the edit utility once
* emit a warning during timeout

mpi [Sat, 10 Jul 2021 07:04:59 +0000 (07:04 +0000)]
Sync maxusers with other 64bit archs.

From miod@, ok deraadt@

deraadt [Sat, 10 Jul 2021 03:40:19 +0000 (03:40 +0000)]
sync

jasper [Fri, 9 Jul 2021 20:59:51 +0000 (20:59 +0000)]
use vaddr_t as type for frames as is commonly used elsewhere too

ok kettenis@

jasper [Fri, 9 Jul 2021 20:59:17 +0000 (20:59 +0000)]
fix sentence in db_printsym comment

mvs [Fri, 9 Jul 2021 20:43:28 +0000 (20:43 +0000)]
Remove unused `cc_koperations' and `cc_queued' members from 'cryptocap'
struct.

ok bluhm@

patrick [Fri, 9 Jul 2021 20:19:46 +0000 (20:19 +0000)]
Parse /soc/dma-ranges to populate the openbsd,dma-constraint property.
On the MNT Reform, which uses a i.MX8MQ with 4 GB of memory, this makes
sure that we don't allocate DMA buffers above the 32-bit boundary.  As
it turns out the i.MX8MQ's I/O devices are limited to 32-bit addresses.
The i.MX8MP seems to be better in that regard, though at least the USB
controller is still limited.  That's a bit harder to fix in a dynamic
fashion, but we'll take care of that as soon as someone shows up with
an i.MX8MP with that much memory.

ok kettenis@

bluhm [Fri, 9 Jul 2021 15:29:55 +0000 (15:29 +0000)]
Use SLIST macro for cryptosoft sessions instead of hand rolled list.
OK mpi@ tobhe@

tb [Fri, 9 Jul 2021 14:41:14 +0000 (14:41 +0000)]
Fix mixup between localKeyID and friendlyName.

"please commit" schwarze

tb [Fri, 9 Jul 2021 14:07:59 +0000 (14:07 +0000)]
KNF: remove whitespace between functions and parentheses

schwarze [Fri, 9 Jul 2021 12:07:27 +0000 (12:07 +0000)]
new manual page for X509_keyid_set1(3), X509_keyid_get0(3),
X509_alias_set1(3), X509_alias_get0(3)

stsp [Fri, 9 Jul 2021 11:41:20 +0000 (11:41 +0000)]
Switch iwm(4) to new firmware images available in iwm-firmware-20210512.

This updates firmware for 3165, 3168, 7265, 8260, 8265, 9260, 9560 devices.
Other devices did not receive firmware updates from Intel.
New firmware images should contain relevant fixes for fragattacks:
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00473.html

Running fw_update(1) may be required before rebooting into a new kernel.
sysupgrade(8) will take care of this.

Blocking issues reported during the previous attempt at using these firmware
images have been addressed.

When reporting issues, please enable 'ifconfig iwm0 debug', reproduce the
error once more, and include the full dmesg in your bug report.

stsp [Fri, 9 Jul 2021 11:36:14 +0000 (11:36 +0000)]
Print new iwm(4) firmware version numbers like Linux iwlwifi does it.

Starting with major version 35 the Linux driver prints the minor version
number in hexadecimal.

stsp [Fri, 9 Jul 2021 11:33:00 +0000 (11:33 +0000)]
remove unused lines of code from iwm(4) which were specific to iwx(4) devices

stsp [Fri, 9 Jul 2021 11:31:05 +0000 (11:31 +0000)]
Fix errors in the probe request template we provide to iwm(4) firmware.

The SSID should not be inserted into the template itself. The template
just needs an empty SSID information element. Firmware fills in the rest.

Fix the length specification of 2GHz band-specific data in the template.

stsp [Fri, 9 Jul 2021 11:29:08 +0000 (11:29 +0000)]
Do not ask iwm(4) firmware to send probe requests on passive channels.

This seems to fix a problem where newer 9k firmware versions become
unresponsive after association and eventually raise a fatal error.

stsp [Fri, 9 Jul 2021 11:24:55 +0000 (11:24 +0000)]
Make iwm(4) set various scan command flags just like how iwlwifi sets them.
Discrepancies found while investigating an issue related to active scanning.

stsp [Fri, 9 Jul 2021 11:21:31 +0000 (11:21 +0000)]
Fix iwm(4) PHY context updates for newer firmware versions.

Firmware which advertises the BINDING_CDB_SUPPORT capability
needs a remove+add dance when the channel band has changed.

See Linux commit 730a18912bcbde0b94ae7f1b554a9908b3424a22
and Linux commit 91109f42d0ad0c0c282d1fa1257a1548977aa895

stsp [Fri, 9 Jul 2021 11:11:36 +0000 (11:11 +0000)]
Make iwm(4) use only antenna B for single-antenna Tx on 9k devices.

This matches what Linux and FreeBSD do.
According to Linux commit logs using antenna A for single-antenna Tx
on 9k devices is "wrong" (with no further explanation given).
I suspect it only matters if Bluetooth is active, since antenna A has
obviously been working for us. But who knows...

stsp [Fri, 9 Jul 2021 11:04:05 +0000 (11:04 +0000)]
Clear the "persistence bit" on iwm(4) 9k devices during hardware init.

According to iwlwifi commit messages this fixes an edge case where
9k family devices fail to resume after system suspend.
See Linux commit 8954e1eb2270fa2effffd031b4839253952c76f2

stsp [Fri, 9 Jul 2021 10:46:56 +0000 (10:46 +0000)]
Ignore undocumented TLVs found in the iwm(4) 9000-43 firmware image.

stsp [Fri, 9 Jul 2021 10:45:17 +0000 (10:45 +0000)]
Reset sc_ucode_api flags before iwm(4) loads firmware.
Fixes firmware re-loading after an initial attempt to load firmware failed.