Make SHA aarch64 assembly build with gcc.
gcc is extremely fussy about register naming and insists on q and s naming
for the ARM CE SHA instructions, even though they're referring to the same
register (while LLVM just figures it out). Work around this by mapping
registers to their required variant at usage and defining a handful of
mappings between v registers and alternate names/views.
This is still somewhat ugly, but seems to be one of the cleaner options
that will allow portable to enable SHA assembly on platforms that use gcc.
ok kenjiro@ tb@
Tidy instruction separators in SHA assembly.
Remove unnecessary separators and add a few to macros that call other
macros (instead of expecting them to exist).
rpki-client: rename pk and opk to cert_pkey and tal_pkey
Additionally swap the argument order in the calls to EVP_PKEY_cmp() since
this looks nicer.
ok claudio job
rpki-client: remove cms_parse_validate_detached()
Geofeed was the only consumer of detache signatures and there are no plans
to support any other content type needing this. So remove this wrapper and
drop the now no longer needed BIO.
Also remove the NULL checks for res and resz in cms_extract_econtent() as
the callers of cms_parse_validate() pass in &cmsz, and cms_parse_validate()
itself passes a &res.
ok claudio job
Do the TX ring space check before packet dequeue. The early check
removes possible bus_dmamap_unload() and dequeue rollback in the output
path.
Also set the maximum TX segments count to 20. jmatthew@ pointed that
existing value of 128 is too big. I checked others and found, that NetBSD
uses 128 as we do and FreeBSD uses 20, so I used 20. May be this value is
also too big, but it could be decreased at any moment.
Tested on RPI4.
ok jmatthew@
Replace overlay_ranges with visible_ranges which can hold more than
three ranges (will be needed for floating panes); move the visible
ranges checks outside of tty_draw_line and rewrite it to fix issues with
partially-obscured wide characters. With Michael Grant.
bn_const: add RFC 7919 primes
There is no intention to expose these via public API or to use them in TLS.
For now these will only be used for short-circuiting pointless expensive
computations in DH_check().
ok beck
Scapy special for DH_check()
The latest release of Scapy calls DH_check() on all the well-known
Diffie-Hellman parameters for RFCs 2409, 3526, and 7919. It does this
via pyca/cryptography at startup. Every single time. This is obviously
very expensive, due to our 64 MR rounds (which are complete overkill
now that we have BPSW). Instead of pondering the ideal number of rounds
for BPSW with FFDH, simply skip the check if the parameter matches a
well-known prime. These are known to be safe primes, so we can skip
those super-expensive and pointless checks without any risk.
This is only done for the public dh->p parameter. It could be further
optimized, but with the follow-up commit adding the RFC 7919 primes this
reduces the startup time to what it was before Scapy 2.7.0: < 1s.
Reverting from 64 MR rounds to BN_check_primes rounds, we would still
have ~8s startup time without this optimization, which isn't great for
an interactive tool.
[11 lines not shown]
bn regress: add test that double checks the RFC 2409 and 3526 primes
Also has code to check the RFC 7919 primes and run DH_check() once that
knows about these.
Make it clear that DenyUsers/DenyGroups overrides AllowUsers/AllowGroups.
Previously we specified the order in which the directives are
processed but it was ambiguous as to what happened if both matched.
OK djm@
Adds basic implementation of the low-level FUSE API.
This is sufficient to compile and run lowntfs-3g.
In this patch the low and high-level APIs are independent. The next
patch will modify the high-level API to make use of the low-level API
so that there is no longer any code duplication.
The libfuse changes are mostly additions and should be self-explanatory.
There are also some kernel changes required, which are:
- A fusefs dir vnode now keeps a reference to its parent vnode so that ".." is
resolves in fusefs_lookup rather than sending the lookup request to the FUSE
file system. This is consistent with Linux.
- Added sanity checks for the attributes returned from FBT_GETATTR. These
belong in the kernel and not in libfuse.
- fusefs_readdir needed some tweaking to handle full buffers.
- Set the vnode type from the attributes returned from FBT_MKDIR and
FBT_MKNOD.
[6 lines not shown]
wycheproof regress: wycheproof-testvectors was renamed to wycheproof
Installed packages will update and pkg_add wycheproof-testvectors will
continue to work.
libsndio: Increase the length of display strings and control names
Fixes truncated uaudio(4) device names. As we're at it, increase other
strings and add padding in the sioctl_desc structure, for future use.
libsndio: Add the new sio_onxrun(3) function to report underruns
libsndio recovers after underruns, so in most cases they should just
be ignored. However there are cases where a program may use an external
audio clock (ex. an RTP stream) and resample to make the local audio
rate match the remote rate to keep the latency constant. To do so, the
program must measure continuously the clock drift and calculate the
resampling ratio. Upon underrun, such programs must restart the
measurements, hence the need for this new interface.
ok armani
ML-KEM: improve the EncapsTest
New testvectors want some more detailed handling, which brings these
Wycheproof encapsulation tests about on par with our existing tests.
ML-KEM: don't treat API failure as test failure for invalid test cases
An update to the test vectors adds tests which verifies that the API
correctly rejects some inputs.
