Age | Commit message (Collapse) | Author |
|
|
ok jsing
|
|
one in /usr/include/openssl.
|
|
Use x509_verify.h from the libcrypto sources instead of the public copy.
The x509_verify.h header was installed as a public header since early on
we had ideas of using a public API in libtls, but we eventually decided
against that. It makes no sense to install a public header that hides
everything behind LIBRESSL_INTERNAL. The public API will not be exposed
anytime soon if at all.
ok jsing
|
|
the keyboard layout on all of them during install.
tested with a Thinkpad X13s with a silly amount of kezboards connected.
OK miod@ kn@
|
|
they are using a glass console and kezboard.
tested with a Thinkpad X13s with a DE kezboard.
OK deraadt@ miod@ kn@
|
|
I wonder if we should allow --exec-only option on all architectures
(but not as default), because this pre-check list now covers all
architectures, and we haven't seen a ld.lld problem. We only switch
an architecture to --exec-only default when other aspects (mostly
compiler or .S files), that is a separate switch block.
Even though i386 has no mmu means to enforce xonly, uvm will fail a
memcpy read of region which hasn't been previously faulted (by
executing code in the region). This definitely blocks reads of
"contiguous entire libc text", because very few programs "execute code
in all libc code pages", even with uvm_fault's behaviour of wide
faulting a 32K region. The random relinking also means an attacker
cannot know what subset of libc text can be read because pre-faulted
chunks are unknown, but now they can't copy it all (if they could find
the location and bounds). This neat behaviour applies to all
architectures. It seems we should try to always hint text segment
permission as PROT_EXEC-only to the kernel and be happy that blocks a
read, even if that blocking isn't 100% reliable.
note: unfortunately binutils --exec-only isn't bug-free yet on most
architectures, taking the same approach there will take longer.
|
|
They should go away, but they have not yet disappeared and this
consolidates the source files.
Discussed with tb@
|
|
Nothing actually uses this code, as OPENSSL_BN_ASM_MONT is not defined
unless there is an assembly implementation available (not to mention that
defining both OPENSSL_NO_ASM and OPENSSL_BN_ASM_MONT at the same time is
extra strange).
Discussed with tb@
|
|
Provide a function that divides a double word (h:l) by d, returning the
quotient q and the remainder r, such that q * d + r is equal to the
numerator. Call this from the three places that currently implement this
themselves.
This is implemented with some slight indirection, which allows for per
architecture implementations, replacing the define/macro tangle, which
messes with variables that are not passed to it.
Also remove a duplicate of bn_div_words() for the BN_ULLONG && BN_DIV2W
case - this is already handled.
ok tb@
|
|
Part of an ongoing effort to move userland-specific information out
of a kernel header and directly into vmd(8). No functional change.
ok mlarkin@
|
|
alphabetical order while I'm there.
ok deraadt@
|
|
OK deraadt@
|
|
rwlock(9) acquisition.
Reported-by: syzbot+fbe3acb4886adeef31e0@syzkaller.appspotmail.com
|
|
that secondary CPUs will get parked in a WFI loop like we already do on
Apple Silicon systems. This requires some small changes in agintc(4) to
make sure we ack the "halt" IPI such that we can send a "wakeup" IPI later.
ok patrick@
|
|
Don't hardcode stathz to 100 and profhz to 1000. Instead, set stathz
to hz and profhz to (stathz * 10). This is what we do in all other
armv7 clock interrupt drivers and most other platforms.
Link: https://marc.info/?l=openbsd-tech&m=167479021815637&w=2
ok kettenis@
|
|
Don't hardcode stathz to 100 and profhz to 1000. Instead, set stathz
to hz and profhz to (stathz * 10). This is what we do on most other
platforms.
Link: https://marc.info/?l=openbsd-tech&m=167479021815637&w=2
ok kettenis@
|
|
Don't hardcode stathz to 100 and profhz to 1000. Instead, set stathz
to hz and profhz to (stathz * 10). This is what we do on most other
platforms.
Link: https://marc.info/?l=openbsd-tech&m=167479021815637&w=2
ok kettenis@
|
|
ok naddy@, sthen@
|
|
to compose the offset to the PLT instead of having a constant pool in .text.
Make --execute-only work on powerpc64.
ok miod@
|
|
Also, some cases could be protected with solock_shared().
ok bluhm@
|
|
selinfo is just wrapper to klist. netstat(1) and libkvm use socket
structure, but don't touch so_{snd,rcv}.sb_sel.
ok visa@
|
|
on the floating-point control register.
|
|
ok hackroom
tested by plenty
|
|
round in the right direction for halfway values.
(noticed in the perl test results thanks to afresh1@)
|
|
Don't hardcode 100 and 1000. Use hz(9) for stathz, compute profhz
using stathz, just like most other platforms.
Link: https://marc.info/?l=openbsd-tech&m=167479021815637&w=2
ok jca@
|
|
Different from original LUNA(68k), the number of planes is directly
stored as an integer value on LUNA-88K.
Tested on LUNA-88K2 by me.
|
|
and make them behave as intended again.
The existing constraints are too weak; this used to work in older days, but
got broken when the system compiler was updated to gcc 4 (or maybe even gcc 3).
|
|
The plan is to retire the 1.0.2 interop tests soon so as to be able to
drop the dead and dangerous OpenSSL 1.0.2 port.
The cert part is extremely slow on arm64: the whole interop test on an m1
is about 10x slower (~45 min!) than on a modern amd64 laptop, so people
running regress may want to wait a bit with adding OpenSSL 3 to their test
boxes until this is sorted out.
|
|
parameter that PSCI gives us.
ok patrick@
|
|
easily repeatable ASSERT happens seconds after starting compiles over nfs.
|
|
Correct the logic, still blocking PROT_EXEC
ok anton kettenis
|
|
allow '*' to select all partitions when the action is 'delete'.
No intentional functional change.
|
|
We now die with an error when trying to expand a variable that is
already longer than 64K. This was never a buffer overflow in our
pkg-config, but rather an unbounded memory allocation that would
eventually run up against resource limits. OK sthen@ jasper@
|
|
- Remove custom clock interrupt scheduling code.
- Remove local evcount structs.
- Wire up gptimer_intrclock.
- Switch stathz from 128 to hz
- Switch profhz from 1024 to (stathz * 10).
This change is untested. Nobody seems to have hardware that actually uses
the gptimer(4) as an interrupt clock. If this patch doesn't work, the driver
is probably not too distant from a working state.
Compile-tested by jca@. Discussed with kettenis@, jca@, drahn@, patrick@,
jsg@, and uwe@.
Link: https://marc.info/?l=openbsd-tech&m=167451333419815&w=2
ok patrick@ kettenis@
|
|
ports like "lang/chicken/core" do generate files like lang.chicken.core.lru
instead of lang.chicken.core (which can create confusion in people's mind)
do so transparently by reading the old file if need be, and removing it
afterwards.
Funny thing noticed by tb@
ok tb@, sthen@
|
|
Protection mechanism provided by modern POWER CPUs. This is implemented
in a way that allows us to use the Data Address Compare mechanism that
was available on older versions of the architecture if we ever add support
for these older CPUs (e.g. the PowerPC 970 aka G5).
Special thanks to gkoehler@ for spotting the bug in my initial
implementation that made this not work at all.
ok deraadt@, gkoehler@
|
|
From Lang Yu
6da17ac15e354ce483044c924c801a1b25ec8e4a in linux-6.1.y/6.1.8
0ddadc3a2208aedb1b27dbb76d0b4e722b5b527a in mainline linux
|