IABSD.fr/src

Branch :


Log

Author Commit Date CI Message
610ca8ca 2024-01-07 15:21:04 Improve EVP_CIPHER_{get,set}_asn1_iv() Use iv_len for the variables storing the IV length, formerly l and j. Remove use of the unnecessary variable i and unindent the whole mess. Some return values are fishy. That will be addressed in subsequent commits. ok jsing
307dc1ce 2024-01-07 14:50:45 Remove X509_TRUST extensibility This is pretty much identical to the X509_PURPOSE case: remove the stack used for extending and overriding the trust table and make X509_TRUST_add() always fail. Simplify some other bits accordingly. ok jsing
3db25975 2024-01-07 09:48:29 rpki-client: zap a stray space
65827fe9 2024-01-07 09:48:03 rpki-client: print revocation time in filemode If a certificate was revoked, extract the revocation timestamp and update the warning message in filemode to include it. ok job
6a583968 2024-01-06 20:47:01 Zap some more CRL method things
172a5cb9 2024-01-06 19:34:54 Prevent use after free of TLS context at syslogd(8) shutdown. When splitting the event fields f_ev and f_bufev, disabling some events was missed. Callbacks could happen after tls_free(). Call bufferevent_disable() before f_bufev and struct filed are cleaned. In some error cases f_bufev might be NULL, add a check before cleanup. OK tb@
899d618d 2024-01-06 17:47:43 Zap more obsolete debug code.
d6495eea 2024-01-06 17:43:39 Remove X509_PURPOSE_cleanup() call in OPENSSL_cleanup() Since x509_purp.c r1.34 this is a noop since there is nothing to clean up anymore. Remove the last caller.
1122c914 2024-01-06 17:37:23 Remove X509_CRL_METHOD internals Another complication of dubious value that nobody's ever used. crl_init(), crl_free() and the meth_data are dead weight, as are their accessors. Inline def_crl_verify() in X509_CRL_verify() so that the latter becomes the trivial wrapper of ASN1_item_verify() that one would expect it to be. It is quite unclear what kind of customization would make sense here... def_crl_lookup() is renamed into crl_lookup() and its two callers, X509_CRL_lookup_by_{serial,cert}(), are moved below it so that we don't need a prototype. ok jsing
9c4f0f43 2024-01-06 17:17:08 Remove X509_PURPOSE extensibility Another bit of global state without lock protection. The by now familiar complications of a stack to make this user configurable, which, of course, no one ever did. The table is not currently const, and the API exposes its entries directly, so anyone can modify it. This fits very well with the safety guarantees of Rust's 'static lifetime, which is how rust-openssl exposes it (for no good reason). Remove the stack and make the X509_PURPOSE_add() API always fail. Simplify the other bits accordingly. In addition, this API inflicts the charming difference between purpose identifiers and purpose indexes (the former minus one) onto the user. Neither of the two obvious solutions to avoid this trap seems to have crossed the implementer's mind. ok jsing
3de6427d 2024-01-06 15:52:13 revert component_add() change avoids fault in amdgpu_dm_audio_component_bind() problem reported by matthieu@
f587ab07 2024-01-06 15:38:45 Ergaenzung der fehlenden Jahreszahlen; Flicken von Lennart Jablonka <humm bei ljabl Punkt com>
44c52867 2024-01-06 13:23:47 Unify UFS command function arguments a bit.
205ff018 2024-01-06 13:17:20 vmm(4): reorder segment registers to match SDM. Shuffles around the defines so the segment register indexes match the values used by both Intel and AMD in vm exit information. Simplifies some upcoming changes. ok mlarkin@
a2f0dcb2 2024-01-06 13:04:03 Merge read/write UFS commands in to one single function, since they are very similar.
7b0a2893 2024-01-06 12:52:20 remove stray semicolon ok kettenis@
08347e6e 2024-01-06 12:50:58 move struct file_operations to linux/fs.h ok kettenis@
79307011 2024-01-06 11:42:11 Do not count packets though multicast loopback and simplex interfaces. Counting multicast packets sent to local stack or packets that are reflected by simplex interfaces does not make much sense. They are neither received nor output by any ethernet device. Counting these packets at lo0 or the loopback interface of the routing domain would be possible, but is not worth the effort. Make if_input_local() MP safe by deleting the if_opackets++ code. OK mvs@
ef0dceb5 2024-01-06 11:29:00 put the real sizes into the "title" attribute so that hovering shows the exact value. adjust/refactor javascript sorter accordingly
a61bf6f2 2024-01-06 10:58:45 Take net lock before kernel lock. Doing KERNEL_LOCK() just before NET_LOCK() does not make sense. Net lock is a rwlock that releases kernel lock during sleep. To avoid an unnecessary release and take kernel lock cycle, move KERNEL_LOCK() after NET_LOCK(). There is no lock order reversal deadlock issue. Both locks are used in any order thoughout the kernel. As NET_LOCK() releases the kernel lock when it cannot take the lock immediately and has to sleep, we always end in the order kernel lock before net lock after sleeping. OK sashan@
667382c7 2024-01-06 09:33:08 Add more Linux compat code in preparation for the apple KMS driver. ok jsg@
036f766d 2024-01-06 08:03:31 devel/cargo: add support for installing several different paths rename MODCARGO_INSTALL_TARGET_PATH to MODCARGO_INSTALL_TARGET_PATHS
b68104e4 2024-01-05 21:22:01 EVP_PKEY_asn1_find_str() tweaks Switch i to a size_t and improve a flag check. Part of an earlier diff that was ok jsing but were lost when I reworked the diff.
cba2cefc 2024-01-05 19:34:19 Remove more __syscall() leftovers.
fba72c10 2024-01-05 11:02:57 Improve rtr_send_error() logging and demote the FSM state changes from log_info to log_debug. OK tb@
c24fef85 2024-01-05 10:37:54 Wait until the expected interface state is reached instead of relying on arbitrary sleeps. Should hopefully make these tests more stable.
fb8a40b8 2024-01-05 10:18:52 evp_key.c: Remove more unnecessary parentheses
7c4f9497 2024-01-05 10:15:36 Minor tweaks in EVP_read_pw_string_min() Remove unnecessary parentheses and use a better place to break an overlong line.
b0c223ce 2024-01-05 10:14:08 Plug a leak in EVP_read_pw_string_min() Use an error exit that frees the ui in case the UI_add_* fail. Also add a few empty lines for readability. ok joshua
0b701acd 2024-01-04 21:35:56 Zap some '#if 0' code which was initially required for debugging.
baf9e3d1 2024-01-04 21:02:30 Set the interrupt aggregation counter down to 1, which fixes the read performance from ~20MB/s to ~220MB/s.
e7fbb990 2024-01-04 20:50:43 Adjust IPLs to give us more interrupt vectors for IPL_NET. That is where we need them most since multi-queue NICs seem to be a thing now. ok patrick@, mlarkin@, jan@
20c8931a 2024-01-04 20:15:01 Disable EVP_PKEY_meth_* extensibility This removes the global pkey_app_methods stack that was never cleaned up and makes EVP_PKEY_meth_add0() always fail and push an error on the stack. EVP_PKEY_meth_find() can now walk the list of PKEY_METHODs forward and things become a bit cleaner. It's still all way more complicated than it needs to be... ok jsing
fe1adf5a 2024-01-04 20:02:10 Remove last external call to EVP_PKEY_meth_find() In order to determine whether GOST is properly enabled, libssl has various weird dances. In this specific case, it calls EVP_PKEY_meth_find() to see whether the relevant cipher is around. Check the same thing with an #ifdef instead. ok jsing
8dc592d3 2024-01-04 18:17:47 make auto-index better - make it an actual table - use "human readable sizes" for the file sizes - add some decoration and javascript to be able to sort it per-column (client side) (this means some extra column attribute) - add glue to facilitate embedding js + css directly in the program - add some graphical indication for directories - should still validate as proper html everywhere (custom properties need to be called data-* for this!) Work with claudio@ and tb@, many thanks to claudio@ for some of the finer points of css handling, and tb@ for some fine spaces fixes. I've tried it with lynx as well, shows up correctly. One big plus is that the size of columns work as utf-8, so you can expose filenames without any problems (I've tried it with non-js text navigators as well as firefox, chromium and friends) And it looks slightly less yahoo ca. 1995. It's still "one size fits all". If people object to the current look, adding httpd.conf(5) properties to override the default css should be easy. okay claudio@, tb@
a6d8ed60 2024-01-04 17:38:36 Remove unused app_data from EVP_CIPHER The EVP_CIPHER structs are static const data that the library returns when you call EVP_aes_128_cbc(), for example. It makes no sense whatsoever to hang user data off such a struct, but it's been there since forever. ok jsing
a03a5a63 2024-01-04 17:22:29 Clean up EVP_PKEY_asn1_get0_info() a bit Use better variable names without silly p prefix and use explicit checks against NULL.
63332565 2024-01-04 17:17:40 Clean up EVP_PKEY_asn1_find_str() Use slightly better argument and variable names, do not pointlessly try to match a string of negative length < -1, use a size_t for the strlen() and preserve the logic that allows lookup by a string fragment rather than a full string. ok jsing
680e1051 2024-01-04 17:08:57 Simplify EVP_PKEY_asn1_find() EVP_PKEY_asn1_find() finds the EVP_PKEY_ASN1_METHOD underlying the method or alias with nid (or, rather, pkey_id) passed in. Now that we have the base method stored in a pointer, we can return that method after a simple lookup of said nid (or, rather, pkey_id). ok jsing
9ed721ec 2024-01-04 17:01:26 Replace .pkey_base_id with a .base_method pointer Every EVP_PKEY_ASN1_METHOD is either an ASN.1 method or an alias. As such it resolves to an underlying ASN.1 method (in one step). This information can be stored in a base_method pointer in allusion to the pkey_base_id, which is the name for the nid (aka pkey_id aka type) of the underlying method. For an ASN.1 method, the base method is itself, so the base method is set as a pointer to itself. For an alias it is of course a pointer to the underlying method. Then obviously ameth->pkey_base_id is the same as ameth->base_method->pkey_id, so rework all ASN.1 methods to follow that. ok jsing
7a766feb 2024-01-04 16:50:53 Neuter the remainder of the ameth lib The few pieces of the ameth lib that will stay in libcrypto were moved to p_lib.c recently. The functions that still are in ameth_lib.c will be removed in the next major bump. With disabled EVP_PKEY_asn1_add{0,_alias}() API they are completely useless now and they are getting in the way of more ameth surgery. Rip out their guts and turn them into stubs that do nothing but push an error onto the stack. ok jsing
fa20815c 2024-01-04 16:41:56 Split ameth arrays into individual methods For some reason DSA, GOST, and RSA had their ASN.1 methods stored in an array. This is clumsy and the only benefit is that one saves a few externs in p_lib.c. They were also arranged by ascending NID because of bsearch() madness. Split them up and arrange the methods by name, which is much saner and simpler. ok jsing
ed5572f8 2024-01-04 16:38:18 Rewrite the imsg handling using the new API functions. OK tb@
b1793e8c 2024-01-04 14:30:09 Convert the RTR PDU parser to use the new ibuf API. Lenght / overflow checks are now handled by ibufs. OK tb@
6b9dec02 2024-01-04 13:30:20 Fix timeout value for write command (typo).
06924da0 2024-01-04 12:22:35 Pass SCSI command directly to the UFS command descriptor instead of decoding/encoding it. Suggested and OK kettenis@
ee9b0250 2024-01-04 10:26:14 Rename argument roa of imsg_send_sockets() to rtr since the imsgbuf is for PROC_RTR.
a03fa7cf 2024-01-04 09:51:49 Import regenerated moduli.
085d145c 2024-01-04 09:47:54 Improve length checks for oiv and iv There are two unsigned char arrays of size EVP_MAX_IV_LENGTH to store the IVs of block ciphers. In most modes, only iv is used, but in some modes iv is modified and oiv is used to store the original IV. At the moment nothing enforces that they are of the same length. Therefore make sure the correct one or both are checked before writing to or reading from them. ok miod
d1ee423b 2024-01-04 09:34:03 fix IPv6 addresses table lookups Rework parse_sockaddr() to not reach inet_pton() with a brace-wrapped IPv6 address. Issue reported by Kirill Miazine. ok millert@
ed9a50d3 2024-01-04 09:30:09 set_localaddrs(): don't wrap IPv6s address with braces twice ss_to_text() already wraps ipv6 addresses in braces, so no need to do it again and no need to do that for IPv4 addresses too. ok millert@
9c887eff 2024-01-04 08:41:59 Add support for AX88179A. AX88179A interweave dummies alongside valid packet headers in axen_rxeof(). However current driver records these dummy headers as dropped frames, leading to stats misreporting one Ifail per Ipkt. This skips those dummy headers silently, thereby not generating Ifail for them. From FreeBSD commit 70fbcd451b68b7f6038d8a602cd8d5e1bb890f1d Tested by landry@ and myself. ok claudio@, landry@
2bbed9a6 2024-01-04 07:08:47 fix up barriers in bnxt_down() - use barriers for all interrupts and for the rx refill timeouts. tested by hrvoje ok bluhm@
8dedfb50 2024-01-04 01:32:06 Revert previous. splx(9) can call kvp_get_ip_info() from any place with netlock held and cause recursive lock acquisition issue.
234e5132 2024-01-04 00:19:17 Skip tests that use too many resources on armv7.
adb7c8aa 2024-01-03 22:34:39 vmd(8): improve error messages when out of tap devices. The logging and the (lack of) errno don't describe the actual reason a vm fails to start when there are not enough tap(4) special files in /dev. Improve the log message to specify the tap file in question and set ENOENT so vmctl(8) gets something other than an undefined errno value to report. ok bluhm@
d9ef9e88 2024-01-03 21:41:44 Enable Apple brightness keys also for archs other than macppc. ok kettenis@
0314fe8b 2024-01-03 16:07:37 Use "established" and "exchange" as RTR state names. "idle" and "active" are used in the BGP FSM with different meaning which leads to confusion. When a RTR session is up the state is "established" apart from the time when a new delta is loaded (between cache response and end of data PDU) the state is "exchange". OK tb@
38afab8c 2024-01-03 11:07:04 Run connect(2) in parallel within inet doamin. This unlocks soconnect() for UDP, rip, rip6 and divert. It takes shared net lock in combination with per socket lock. TCP and GRE still use exclusive net lock when connecting. OK mvs@
b98228b2 2024-01-03 09:19:22 Update website URL. ok miod@
0a1afe4a 2024-01-03 09:13:32 Improve order in ancient CMS helpers First came EVP_CIPHER_param_to_asn1() which wraps EVP_CIPHER_set_asn1_iv() which was implemented last. Then came EVP_CIPHER_asn1_to_param() wrapping EVP_CIPHER_get_asn1_iv(). Move each param function below the iv function it wraps.
cd8603db 2024-01-03 08:11:15 relax ORCPT syntax validation We expected the ORCPT parameter to be a valid rfc822 address. This is wrong on multiple levels: - any other IANA-registered "addr-type" can be used - the parameter may be encoded and we didn't decode it prior validation - RFC3461 explicitly states that "[..] the address associated with the ORCPT keyword is NOT constrained to conform to the syntax rules for that 'addr-type'". Instead, just validate the xtext and preserve the ORCPT value as-is. Issue originally reported by Tim Kuijsten, Tassilo Philipp and others. ok millert@
c46e1f29 2024-01-03 03:14:16 vmd(8): remove unused variable from vionet_notify_tx. num_enq was assigned and incremented, but never used. clang started pointing out via warnings. No functional change.
1e710e83 2024-01-02 22:43:20 Update to 2023dgtz from https://github.com/JodaOrg/global-tz * Ittoqqortoormiit, Greenland changes time zones on 2024-03-31. * Vostok, Antarctica changed time zones on 2023-12-18. * Casey, Antarctica changed time zones five times since 2020. * Data fixes for Palestine timestamps starting in 2072.
2b055381 2024-01-02 21:27:39 Move a t to the right place in a comment
e6f6d3d4 2024-01-02 21:24:42 Match struct order for the EVP_CIPHER_CTX accessors This isn't great since the struct is ordered in about the silliest way imaginable, but it is better than it was before. Bringing order into this mess is harder than solving a Rubik's cube.
35c9a4a5 2024-01-02 21:12:25 Move down EVP_CIPHER_CTX accessors expose EVP_CIPHER internals These confusingly named getters were added "for convenience" in 1.1. They fit best next to the EVP_CIPHER API.
e8bd9695 2024-01-02 20:48:40 Move the trivial EVP_CIPHER getters down They are now below the CMS ASN.1 IV stuff, but above the EVP_CIPHER_meth* API, which are setters, in a way.
a0acfa78 2024-01-02 20:00:45 Simplify EVP_CIPHER_{asn1_to_param,parma_to_asn1}() There's no need for a ret variable and else if/else
f3f06693 2024-01-02 19:56:43 Move the EVP_CIPHER API that only exists for CMS/legacy a bit down
63177169 2024-01-02 19:54:43 sm4: more NULL misspellings
1aaf058a 2024-01-02 18:48:02 Two spellings of key length are enough The API is called EVP_CIPHER_CTX_set_key_length() it has an argument called keylen and, the EVP_CIPHER_CTX's member is called key_len. One of the three is trivial to adjust, so do it.
18dea6b0 2024-01-02 18:30:27 Rename the poor outlier EVP_CIPHER *e into *cipher
7101bdfc 2024-01-02 18:28:35 Better variable names in EVP_CIPHER_type() The EVP_CIPHER *ctx (yes) is renamed to cipher, otmp becomes an aobj. Change two !ptr to ptr == NULL checks.
6a626acc 2024-01-02 18:21:02 Consistently use ctx for an EVP_CIPHER_CTX Not c (which is most of the time an EVP_CIPHER) or a (?!).
a2b2fc7f 2024-01-02 17:39:08 set attached flag properly when fw fails to load during config_mountroot()
e4829a9c 2024-01-02 16:40:03 Revert chunk that I have commited by accident.
c57c5c68 2024-01-02 16:32:47 Prevent simultaneous dt(4) open. Syskaller has hit the assertion "dtlookup(unit) == NULL" by opening dt(4) device in two parallel threads. Convert kassert into if condition. Move check that device is not used after sleep points in malloc. The list dtdev_list is protected by kernel lock which is released during sleep. Reported-by: syzbot+6d66c21f796c817948f0@syzkaller.appspotmail.com OK miod@
ba17659f 2024-01-02 15:06:48 Run bind(2) and connect(2) in parallel also for TCP and Raw IP. Before only UDP was tested.
b1f70f86 2024-01-02 10:25:48 have quirks behave way more like other packages so it can have dependencies
af367b3e 2024-01-02 00:03:06 Revert "drm/amd/display: Do not set DRR on pipe commit" From Aric Cyr b09a67617621f41e12ad9ec771ff320fc8b88a94 in linux-6.1.y/6.1.70 36951fc9460fce96bafd131ceb0f343cae6d3cb9 in mainline linux
16a247d5 2024-01-01 23:59:47 drm/i915: Reject async flips with bigjoiner From Ville Syrjala 7d09c84df5ab9e18464a2f048e393a7860a043e9 in linux-6.1.y/6.1.70 88a173e5dd05e788068e8fa20a8c37c44bd8f416 in mainline linux
ffaaf0cc 2024-01-01 23:58:00 drm/i915: Fix ADL+ tiled plane stride when the POT stride is smaller than the original From Ville Syrjala 900c1b3c62f920a50352f5dff6995bca5836b0c7 in linux-6.1.y/6.1.70 324b70e997aab0a7deab8cb90711faccda4e98c8 in mainline linux
c1994344 2024-01-01 23:55:41 drm/i915/mtl: Add MTL for remapping CCS FBs From Clint Taylor de4349bdf9f3ba46d0e5e298924432957328ddfd in linux-6.1.y/6.1.70 0da6bfe857ea9399498876cbe6ef428637b6e475 in mainline linux
c4c55bbf 2024-01-01 23:53:46 drm/i915/dpt: Only do the POT stride remap when using DPT From Ville Syrjala 52c1a67dd3039ba254484cb7740d9079663a80bd in linux-6.1.y/6.1.70 ef5cb493a9acd7d97870d6e542020980ae3f3483 in mainline linux
407f8e0b 2024-01-01 23:50:42 drm/i915: Fix intel_atomic_setup_scalers() plane_state handling From Ville Syrjala 7afe8109456d94d6cc9374da869b2d64852b8535 in linux-6.1.y/6.1.70 c3070f080f9ba18dea92eaa21730f7ab85b5c8f4 in mainline linux
12d6b21a 2024-01-01 23:48:31 drm/i915: Relocate intel_atomic_setup_scalers() From Ville Syrjala b097184f80269f384e9f5556e6b3592441e955f4 in linux-6.1.y/6.1.70 8976b18249407df8bf6ea18ecae0640a15341a50 in mainline linux
4e84d015 2024-01-01 23:47:01 drm/i915/mtl: limit second scaler vertical scaling in ver >= 14 From Luca Coelho 99767368b7fad6bee30ca89ef96877d86e3181a1 in linux-6.1.y/6.1.70 8d4312e2b228ba7a5ac79154458098274ec61e9b in mainline linux
1fae9f40 2024-01-01 23:45:08 drm/amd/display: fix hw rotated modes when PSR-SU is enabled From Hamza Mahfooz 913463f8e6cd8b0567c44d7eef350b9592a369dd in linux-6.1.y/6.1.70 f528ee145bd0076cd0ed7e7b2d435893e6329e98 in mainline linux
034f31ce 2024-01-01 22:16:51 Protect link between pf and inp with mutex. Introduce global mutex to protect the pointers between pf state key and internet PCB. Then in_pcbdisconnect() and in_pcbdetach() do not need exclusive netlock anymore. Use a bunch of read once unlocked access to reduce performance impact. OK sashan@
61540639 2024-01-01 18:52:09 Reduce code duplication in ip6 divert. Protocols like UDP or TCP keep only functions in netinet6 that are essentially different. Remove divert6_detach(), divert6_lock(), divert6_unlock(), divert6_bind(), and divert6_shutdown(). Replace them with identical IPv4 functions. INP_HDRINCL is an IPv4 only option, remove it from divert6_attach(). OK mvs@ sashan@ kn@
b5b8bc53 2024-01-01 18:47:02 Call if_counters_alloc() before if_attach(). ok bluhm sashan
7054f42f 2024-01-01 18:33:04 Fix bounds check in EVP_PKEY_CTX_get_keygen_info() Replace > with >= for the upper array bound to disallow a 4 byte overread. For RSA you can read the padding mode and for DH past the DH_PKEY_CTX. Unfortunately, Ruby thought it important to use this, so we can't kill it easily. ok miod
7d022182 2024-01-01 18:25:50 Move fdt attachment into sys/conf/files.conf instead of duplicating it on an MD basis. ok patrick@
5851f6d7 2024-01-01 17:00:57 Fix white space in pf.c.
9c6b3ee3 2024-01-01 16:01:48 kill gross whitespace
a21c64b7 2024-01-01 15:43:02 pkey_is_pss() and pkey_ctx_is_pss() to rsa_ameth.c These aren't particularly helpful and should probably both be expanded. For now move them to the only place where they are actually used.
697566c9 2024-01-01 15:23:00 Remove EVP_PKEY's save_type member This was only used to avoid an ameth lookup in EVP_PKEY_set_type(), a micro-optimization that was removed in p_lib.c r1.48. ok jsing
eca194ed 2024-01-01 14:16:59 update devel/cargo and lang/rust ports-module documentation with help and ok tb@
0d444453 2024-01-01 13:04:35 Add Quectel RM500Q to umb man page. ok mglocker@