IABSD.fr/src

Branch :


Log

Author Commit Date CI Message
b3a968f5 2022-01-16 02:14:27 Nothing depends on archdep.h pulling in other #includes anymore, so delete the #includes and hide the RELOC_* functions that are only used by lib/csu behind "#ifdef RCRT0" ok aoyama@
90398e5b 2022-01-16 00:15:48 stoeplizt -> stoeplitz
418ce7a9 2022-01-15 23:39:11 vmd: Remove a warning about non-32KHz timebases Remove a warning that has outlived its usefulness. From Brian Conway, thanks.
1ab0fb16 2022-01-15 23:38:50 spelling ok tb@
d3e27d77 2022-01-15 18:16:02 Add back an accidentally dropped .Pp
585c4a5a 2022-01-15 11:04:16 Don't reset the controller on each transaction. Remove unecessary polling loop and adjust another polling loop. This makes accessing the cs42l83 audio codec work. Probably removing the reset is enough to fix this but the other changes bring us in line with the Linux driver which had some decent RE done to it recently. ok patrick@
0d9ce156 2022-01-15 09:14:40 Update for HMAC_CTX_{init,cleanup} hand HMAC_cleanup removal
cd4b820d 2022-01-15 09:08:51 Stop documenting clone digests.
c7f72189 2022-01-15 04:10:01 bring back spelling fix from rev 1.138 lost in rev 1.140 pointed out by Brad
c3954054 2022-01-15 04:02:37 Minor cleanup and simplification in dsa_pub_encode() This function has a weird dance of allocating an ASN1_STRING in an inner scope and assigning it to a void pointer in an outer scope for passing it to X509_PUBKEY_set0_param() and ASN1_STRING_free() on error. This can be simplified and streamlined. ok inoguchi
d493aa45 2022-01-15 02:46:12 Add ct.h and x509_vfy.h
e457bdd1 2022-01-14 23:55:46 Avoid buffer overflow in asn1_parse2 asn1_par.c r1.29 changed to access p[0] directly, and this pointer could be overrun since ASN1_get_object advances pointer to the first content octet. In case invalid ASN1 Boolean data, it has length but no content, I thought this could be happen. Adding check p with tot (diff below) will avoid this failure. Reported by oss-fuzz 43633 and 43648(later) ok tb@
91768759 2022-01-14 19:53:42 mark failing tests for macppc OK bluhm@
0c3a2335 2022-01-14 15:00:23 Introduce a validated cache which holds all the files that have successfully been verified by rpki-client. With this the rsync and rrdp directories are more of a temporary storage location. New files are downloaded there and then moved to the valid directory at the end. In -n mode only the valid directory is looked at with the exception of the ta directory holding the trust anchors. A file can now be in two different locations so adjust all the code paths that open files to check both locations. One nice side-effect of this is that the RRDP handling in the main process got simplified. There is no longer the need for temporary RRDP directories. OK tb@
36ce76ee 2022-01-14 15:00:16 We don't have 64-bit atomics on powerpc, but we don't really need them. So don't provide atomic64_cmpxchg() on powerpc and on other architectures make its implementation similar to atomic64_xchg(). This makes the tree build again on macppc. suggested by & ok jsg@
e304febb 2022-01-14 10:17:30 Enable openssl pkey -{,pub}check and pkeyparam -check
676ea2e3 2022-01-14 09:38:50 Undo static linking and other workarounds that are no longer needed after the bump
9597e69b 2022-01-14 09:35:18 Convert wycheproof.go for opaque EVP_AEAD_CTX
5980d968 2022-01-14 09:33:46 The cttest can link dynamically now
8561a852 2022-01-14 09:32:27 Simplify BN_mont test slightly using a new accessor.
c44ca71a 2022-01-14 09:28:07 openssl(1) dgst: fix build after clones removal ok inoguchi jsing
b30977f7 2022-01-14 09:27:30 Convert openssl(1) speed for opaque EVP_AEAD_CTX ok inoguchi jsing
2de05b95 2022-01-14 09:26:41 Convert openssl(1) rsa.c for opaque RSA ok inoguchi jsing
5161c7cc 2022-01-14 09:25:42 openssl(1) genrsa: simplify access to rsa->e ok inoguchi jsing
f9413cc6 2022-01-14 09:25:00 Convert openssl(1) gendsa.c to opaque DSA ok inoguchi jsing
437dba66 2022-01-14 09:24:20 Convert openssl(1) dsaparam to opaque dsa ok inoguchi jsing
5827572f 2022-01-14 09:23:42 Convert openssl(1) dsa.c to opaque DSA ok inoguchi jsing
61690107 2022-01-14 09:22:50 Convert openssl(1) dhparam to opaque DH ok inoguchi jsing
d2103c91 2022-01-14 09:21:54 Convert openssl(1) dh.c to opaque DH ok inoguchi jsing
d8ad561f 2022-01-14 09:20:18 Fix acme-client build with opaque RSA
66138239 2022-01-14 09:19:19 isakmpd: convert modp to opaque DH
b7d3dce4 2022-01-14 09:16:52 sync
27c8f1bf 2022-01-14 09:15:07 bump libcrypto, libssl, libtls majors after struct visibility changes and Symbol addition and removal in libcrypto.
c929ff6c 2022-01-14 09:12:53 Use the correct type for ssl_callback_ctrl()
f9a06750 2022-01-14 09:12:15 Convert the new record layers to opaque EVP_AEAD_CTX ok jsing
426f2c04 2022-01-14 09:11:22 Convert ssl_kex.c to opaque DH Stop reaching into DH internals and use the new API functions instead. ok inoguchi jsing
8c09bc91 2022-01-14 09:10:11 Use BIO_next/BIO_set_next in ssl_lib.c Trivial conversion to cope with opaque BIO.
a366758f 2022-01-14 09:09:30 bio_ssl.c needs to peek into bio_local.h
2a12d662 2022-01-14 09:08:03 libkeynote: fix build with opaque RSA and DSA This is a completely mechanical conversion to use accessors instead of reaching inside the structs by hand. ok millert
7df22999 2022-01-14 09:06:02 Update Symbols.list ok inoguchi
082847b1 2022-01-14 09:03:53 Unconditionally comment out OPENSSL_NO_RFC3779 ok inoguchi jsing
447b7d02 2022-01-14 09:01:36 Remove header guard around RFC 3779 declarations ok inoguchi jsing
8be50d4c 2022-01-14 08:59:30 Expose Certificate Transparency symbols in headers ok inoguchi jsing
e7d5586a 2022-01-14 08:56:00 Hide OBJ_bsearch_ from public visibility, This removes OBJ_bsearch_ex_() from the exported symbols and makes OBJ_bsearch_() semi-private. It is still used in libssl. While here, remove some hideous unused macros ok inoguchi jsing
43c7bac0 2022-01-14 08:53:53 Move ASN1_BOOLEAN to internal only. This moves {d2i,i2d}_ASN1_BOOLEAN() to internal only. They are unused, but help us testing the encoding. ok jsing
409e1e2a 2022-01-14 08:52:05 Remove check_defer and obj_cleanup_defer from public visibility ok inoguchi jsing
f0dfbe84 2022-01-14 08:50:25 Remove name_cmp from public visibility ok inoguchi jsing
9bec1105 2022-01-14 08:43:06 Remove all asn1_* symbols from public visibility ok inoguchi jsing
818427c5 2022-01-14 08:40:57 Implement new-style OpenSSL BIO callbacks This provides support for new-style BIO callbacks in BIO_{read,write,gets,puts}() and a helper function to work out whether it should call the new or the old style callback. It also adds a few typedefs and minor code cleanup as well as the BIO_{get,set}_callback_ex() from jsing, ok tb
b7df4fb6 2022-01-14 08:38:48 Garbage collect last use of EVP_ecdsa() ok inoguchi jsing
66c3bd61 2022-01-14 08:38:05 Remove legacy sign/verify from EVP_MD. This removes m_dss.c, m_dss1.c, and m_ecdsa.c and the corresponding public API EVP_{dss,dss1,ecdsa}(). This is basically the following OpenSSL commit. The mentioned change in RSA is already present in rsa/rsa_pmeth.c. ok inoguchi jsing commit 7f572e958b13041056f377a62d3219633cfb1e8a Author: Dr. Stephen Henson <steve@openssl.org> Date: Wed Dec 2 13:57:04 2015 +0000 Remove legacy sign/verify from EVP_MD. Remove sign/verify and required_pkey_type fields of EVP_MD: these are a legacy from when digests were linked to public key types. All signing is now handled by the corresponding EVP_PKEY_METHOD. Only allow supported digest types in RSA EVP_PKEY_METHOD: other algorithms already block unsupported types. Remove now obsolete EVP_dss1() and EVP_ecdsa(). Reviewed-by: Richard Levitte <levitte@openssl.org> Plus OpenSSL commit 625a9baf11c1dd94f17e5876b6ee8d6271b3921d for m_dss.c
e3ac9fd6 2022-01-14 08:34:39 Make RSA, RSA_PSS_PARAMS and RSA_METHOD opaque Move the struct internals to rsa_locl.h and provide a missing typedef in ossl_typ.h. ok inoguchi jsing
f36fa09c 2022-01-14 08:32:26 Make structs in ocsp.h opaque This adds a little order to this pig sty. ok inoguchi jsing
1e2ac2fc 2022-01-14 08:31:03 Move ECDSA_SIG to ecs_locl.h We can't make ECDSA_METHOD opaque since it is still used in smtpd(8) ok inoguchi jsing
354ae18b 2022-01-14 08:29:06 Simplify DSAPublicKey_it This was obtained by porting the OpenSSL commit below and then using expand_crypto_asn1.go to unroll the new ASN.1 macros - actually the ones from 987157f6f63 which fixed the omission of dsa_cb() in the first commit. ok inoguchi jsing commit ea6b07b54c1f8fc2275a121cdda071e2df7bd6c1 Author: Dr. Stephen Henson <steve@openssl.org> Date: Thu Mar 26 14:35:49 2015 +0000 Simplify DSA public key handling. DSA public keys could exist in two forms: a single Integer type or a SEQUENCE containing the parameters and public key with a field called "write_params" deciding which form to use. These forms are non standard and were only used by functions containing "DSAPublicKey" in the name. Simplify code to only use the parameter form and encode the public key component directly in the DSA public key method. Reviewed-by: Richard Levitte <levitte@openssl.org>
339abe94 2022-01-14 08:27:23 Make DSA opaque This moves DSA_SIG, DSA and DSA_METHOD to dsa_locl.h. ok inoguchi jsing
34372826 2022-01-14 08:25:44 Make structs in dh.h opaque This moves the struct internals for DH and DH_METHOD to dh_local.h. ok inoguchi jsing
371d42e6 2022-01-14 08:23:25 Garbage collect the unused OPENSSL_ITEM ok inoguchi jsing
ede3f3cd 2022-01-14 08:21:12 Make structs in comp.h opaque This moves COMP_CTX and COMP_METHOD to comp_local.h and provides missing typedefs in ossl_typ.h. ok inoguchi jsing
00451bf8 2022-01-14 08:18:55 Make structs in bio.h opaque Move BIO, BIO_METHOD and BIO_F_BUFFER_CTX to bio_local.h and provide BIO typedef in ossl_typ.h. ok inoguchi jsing
9b72422d 2022-01-14 08:16:13 Garbage collect the app_items field of ASN1_ADB This is unused and was removed in OpenSSL 5b70372d when it was replaced with an ASN.1 ADB callback (which we don't support). ok inoguchi jsing
6d34308f 2022-01-14 08:14:48 Remove NO_ASN1_FIELD_NAMES This follows OpenSSL commit 26f2412d. ok inoguchi jsing
568bf0f6 2022-01-14 08:12:31 Remove obsolete key formats This removes NETSCAPE_X509, NETSCAPE{,_ENCRYPTED}_PKEY, RSA_NET, Netscape_RSA things. Some of the nasty tentacles that could go in principle are used in some test suites, so we need to keep them... All this was removed as part of OpenSSL commit 0bc2f365. ok inoguchi jsing
292b1e0c 2022-01-14 08:09:18 Remove ASN1_OBJECT internals from public visibility. Move the struct declaration to asn1_locl.h and add a forward declaration to ossl_typ.h. This makes struct visibility in the asn1 headers match OpenSSL. ok inoguchi jsing
d56fe77f 2022-01-14 08:06:03 Remove HMAC_CTX_{init,cleanup}() and HMAC_init from public visibility In OpenSSL commit 32fd54a9a3 HMAC_CTX_cleanup() was integrated into HMAC_CTX_init(), then HMAC_CTX_init() was renamed to HMAC_CTX_reset() in dc0099e1. LibreSSL retained them for API compatibility with OpenSSL 1.0. Not many things use them anymore. In fact, some projects that didn't want to modify their code for OpenSSL 1.1 API compatibility used the removed functions to wrap the OpenSSL 1.1 API. We had to patch some of these and this will now no longer be necessary. Also remove HMAC_cleanup(). Nothing uses this. ok inoguchi jsing
9a297db8 2022-01-14 08:04:14 Make structs in evp.h and hmac.h opaque This moves most structs to evp_locl.h and moves HMAC_CTX to hmac_local.h. ok inoguchi jsing
e5507b79 2022-01-14 08:01:47 Move BN structs to bn_lcl.h This makes all structs in bn.h opaque that are also opaque in OpenSSL. ok inoguchi jsing
f7158ee3 2022-01-14 07:59:32 Remove BIO_s_file_internal Pointed out by schwarze. How something with this name ever made its way into a public header will remain a mystery. ok inoguchi jsing
e29dcb8a 2022-01-14 07:57:17 Remove ASN1{_const,}_check_infinite_end Suggested by schwarze ok inoguchi jsing
c0c24dd1 2022-01-14 07:55:29 Remove ASN1{,_const}_CTX These are leftovers of the old ASN.1 stuff. Nothing uses this. OpenSSL removed them in a469a677. ok inoguchi jsing
75395eaa 2022-01-14 07:53:45 Remove X509_OBJECT_free_contents Inline X509_OBJECT_free_contents() in X509_OBJECT_free() and remove this dangerous API. It was left over when x509_vfy.h was made opaque. ok inoguchi jsing
6d0c4fa9 2022-01-14 07:52:24 Remove PEM_Seal{Init,Update,Final} This unused, bug-ridden API was removed in OpenSSL commit 0674427f. ok inoguchi jsing
326063fd 2022-01-14 07:49:49 Unifdef LIBRESSL_OPAQUE_* and LIBRESSL_NEXT_API This marks the start of major surgery in libcrypto. Do not attempt to build the tree for a while (~50 commits).
5ca02815 2022-01-14 06:52:58 update drm to linux 5.15.14 new hardware support includes Intel ehl/Elkhart Lake (embedded) jsl/Jasper Lake (atom) rkl/Rocket Lake (desktop) AMD van gogh APU (gfx1033) yellow carp / rembrandt APU (gfx1035?) Ryzen 6000 APU navy flounder / navi 22 (gfx1031) RX 6700, RX 6700 XT, RX 6700M, RX 6800M, RX 6850M XT dimgrey cavefish / navi 23 (gfx1032) Pro W6600, Pro W6600M, RX 6600, RX 6600 XT, RX 6600M, RX 6600S, RX 6650M, RX 6650M XT, RX 6700S, RX 6800S beige goby / navi 24 (gfx1034) RX 6500 XT, RX 6400, RX 6500M, RX 6300M Thanks to the OpenBSD Foundation for sponsoring this work niklas@ for helping with ttm and amdgpu and patrick@ for adapting rockchip drm.
523c887a 2022-01-14 04:25:57 get the list of things in the full identifier right.
f361212a 2022-01-14 03:43:48 allow pin-required FIDO keys to be added to ssh-agent(1). ssh-askpass will be used to request the PIN at authentication time. From Pedro Martelletto, ok djm
0081f855 2022-01-14 03:35:10 ssh-sk: free a resident key's user id From Pedro Martelletto; ok dtucker & me
31c848cc 2022-01-14 03:34:00 sshsk_load_resident: don't preallocate resp resp is allocated by client_converse(), at which point we lose the original pointer. From Pedro Martelletto; ok dtucker & me
a0e2ca3c 2022-01-14 03:32:52 sshsk_sign: trim call to sshkey_fingerprint() the resulting fingerprint doesn't appear to be used for anything, and we end up leaking it. from Pedro Martelletto; ok dtucker & me
dd6df15e 2022-01-14 03:31:52 use status error message to communicate ~user expansion failures; provides better experience for scp in sftp mode, where ~user paths are more likely to be used; spotted jsg, feedback jsg & deraadt ok jsg & markus (forgot to include this file in previous commit)
00fa47ce 2022-01-14 00:14:39 Computng -> Computing
d00990cc 2022-01-13 19:05:00 add a dummy -t flag to llvm-ranlib to match binutils' ranlib's -t flag which is a no-op; ok millert@
2a800370 2022-01-13 18:39:14 fix the -width argument;
9aac0c33 2022-01-13 14:58:21 Move mft_check() after setting repoid and path on the mft. Also skip mft_check() if the mft is stale because at least in -n mode the files to check are probably not around. OK tb@
6936df76 2022-01-13 14:57:02 Move some functions around to reduce diff with an upcoming change. OK tb@
422efc16 2022-01-13 14:15:27 Make bpf event filter MP-safe Use bd_mtx to serialize bpf knote handling. This allows calling the event filter without the kernel lock. OK mpi@
1c4e6f78 2022-01-13 14:12:02 Return an error if bpfilter_lookup() fails in bpfkqfilter() The lookup should not fail because the kernel lock should prevent simultaneous detaching on the vnode layer. However, most other device kqfilter routines check the lookup's outcome anyway, which is maybe a bit more forgiving. OK mpi@
87c7c78d 2022-01-13 13:46:03 Alter valid_filehash() to take a file descriptor instead of a path. This is needed so that callers can allow a file to be in multiple locations. Also move mft_check() from mft.c to parser.c. OK tb@
264f4ef9 2022-01-13 13:18:41 Implement a RRDP_CLEAR message that instructs the parent to cleanup the rrdp directory. This is used before a snapshot download to ensure that the snapshot is applied to a clean repo. Similar cleanup happens if the transfer fails. In that case remove the temp directory contents only. This uses a new function remove_contents() to remove everything below a base directory (a bit like rm -r X/*). OK tb@
58a63a6b 2022-01-13 12:21:22 allow disabling the @ts tweak, which may come in handy for new fw_update that doesn't grok them.
b435c97d 2022-01-13 11:50:29 Implement but don't use code to use rsync's --compare-dest feature. One gotcha is that the path passed to --compare-dest needs to be relative to the dst directory. rsync_fixup_dest() will prepend the necessary ../ for that by counting number of '/' in dst. OK tb@
1c9657ab 2022-01-13 11:47:44 Add the same entityq_flush() logic in ta_lookup() as it is done in repo_lookup(). This fixes -n mode. OK tb@
2989d287 2022-01-13 11:23:47 be more explicit about the current package format and why it's so.
0736570c 2022-01-13 10:34:58 Adapt to changed debugging output
2a99deb5 2022-01-13 10:34:07 Move parsing of incoming syslog messages to their own section. This should make it more manageable. No functional change intended, debugging output slightly changed. help from and OK bluhm@
a5505455 2022-01-13 08:59:10 Implement powerdown. This involves writing a magic bit somewhere in the address space of the SPMI PMU to prevent the machine from immediately starting up again. The implementaton makes aplpmu(4) provide powerdownfn(), which sets the magic bit and then chains into cpuresetfn(). It also makes aplsmc(4) provide cpuresetfn() to reset the machine via the SMC. Resetting via the watchdog works as well (and will powerdown the machine if the magic bit is set) but letting the SMC handle things might do some other required steps. ok patrick@
faa1737a 2022-01-13 08:39:24 Tedu support for the -xsh4.2 argument to the mdoc(7) .St macro because all of the following hold: * It is an alias for a part of an ancient standard that is no longer important. * To refer to that old standard, -xpg4.2 is readily available and portable. * It is unused in OpenBSD, FreeBSD, and NetBSD. * Groff never supported it. I agreed with G. Branden Robinson that deleting this from mandoc is preferable to adding it to groff.
576410a5 2022-01-13 05:10:46 Calling MB_CUR_MAX is much more expensive than incrementing a pointer and than testing and printing a byte, so do it once up front rather than inside the inner loop. This speeds up rev(1) by about a factor of three for typical use cases. Performance issue found by cheloha@, but my fix is a bit simpler and more rigorous than Scott's original patch. While here, also add the missing handling for write errors (making them fatal, whereas read errors remain non-fatal and proceed to the next input file) and also avoid testing each byte twice, making the code more straightforward and more readable. In part using ideas from millert@ and martijn@. OK martijn@.
b7cb00ef 2022-01-13 04:53:16 Set LC_ALL in both local and remote shells so that sorted output matches regardless of what the user's shell sets it to. ok djm@
57edf436 2022-01-13 04:22:10 Avoid %'s in commands (not used in OpenBSD, but used in -portable's Valgrind test) being interpretted as printf format strings.