skip dwqe_tx_proc() processing while the interface is not up
Prevents a crash seen by bluhm@ while running flood ping in parallel
to looping ifconfig dwqe0 down up:
kernel: protection fault trap, code=0
Stopped at m_tag_delete_chain+0x30: movq 0(%rsi),%rax
ok kettenis@ dlg@ patrick@ deraadt@
Stop building camellia assembly on amd64 and i386.
This is a legacy algorithm and the assembly is only marginally faster than
the C code.
Discussed with beck@ and tb@
No longer build the objective-C compiler (cc1obj). Its standard library
(libobjc) had been removed from the build years ago, there is no need to
keep the compiler.
ok beck@ joshua@
Remove the at-syscall-time check for msyscall(2)'s behaviour. msyscall(2)
was a big coding effort to ensure that system calls could only be performed
from static-binary/ld.so/libc.so/sigtramp regions of memory, by caching a
uvm entry with a serial number; new mmap/mprotect calls would increment
the map serial, and the entry would need to be looked up again. So the
cost was O(1) in the usual case, but O(log n) with some locking if a map
change required a new lookup.
In the new world order, such regions are immutable so they cannot be
changed/split by mmap/mprotect; also we know the precise entry locations
of the syscalls due to system call pinning (ELF OPENBSD_SYSCALL and
pinsyscalls(2)), and this is all done as O(1) without any locking.
All the other parts of the subsystem will be ripped out but please
run a kernel with this before I make changes to ld.so..
ok kettenis
Implement Ed25519 signatures for CMS (RFC 8419)
This adds support for Edwards curve digital signature algorithms in the
cryptographic message syntax, as specified in RFC 8419. Only Ed25519 is
supported since that is the only EdDSA algorithm that LibreSSL supports
(this is unlikely to change ever, but, as they say - never is a very
long time).
This has the usual curly interactions between EVP and CMS with poorly
documented interfaces and lots of confusing magic return values and
controls. This improves upon existing control handlers by documenting
what is being done and why. Unlike other (draft) implementations we
also happen to use the correct hashing algorithm.
There are no plans to implement RFC 8418.
joint work with job at p2k23
ok jsing
Make X509_VERIFY_PARAM_set1_policies() less bad
If any OBJ_dup() fails along the way, a partially copied policy stack
would remain on the params object. This makes no sense. Implement and
use an sk_ASN1_OBJECT_deep_copy(), that copies the full stack or else
returns NULL.
Remove unnecessary NULL check and streamline some other logic.
ok jsing
Always use C functions for AES_set_{encrypt,decrypt}_key().
Always include aes_core.c and provide AES_set_{encrypt,decrypt}_key() via C
functions, which then either use a C implementation or call the assembly
implementation.
ok tb@
Improve error checking in i2d_ASN1_bio_stream()
The streaming BIO API is full of missing error checks. This diff reverts
the logic so that the single call to ASN1_item_i2d_bio() is error checked
(it has the usual 1/0 return values), unindents the bulk of the code and
propagates the SMIME_crlf_copy() return value (alos 1/0) to be the actual
error.
ok jsing