isakmpd: avoid direct ASN1_STRING accesses
Since this transforms notBefore and notAfter into a string to be used in
a keynote assertion, existing libcrypto interfaces aren't directly suitable,
so I kept this mechanical by assigning the data and length fields to local
variables via accessors and replacing tm->data by data and tm->length by
len, only occasionally fixing up whitespace and omitting parentheses.
probably ok beck claudio

Fix vmd reboots broken by my pause barrier changes.
Reported by bluhm@.
Long story is vmd has some complexity in how the decision to "reboot"
a vm process is made. The pause barrier diff clobbered a return
value that bubbled up to a value passed to exit(3) and picked up
by the parent vmd process (the "vmm" process) that determines if a
process exit should result in relaunching the vm process or not.
For now, just stop clobbering the value and don't report the error
returned by pthread_barrier_destroy(3).

Replace trivial uses of ASN1_STRING_data()
Almost entirely mechanical diff that ensures that for read-only accesses
we use the const correct ASN1_STRING_get0_data(). Arguably, in most
places the better fix would be to reach into ASN1_STRING but then we
have to think and bikeshed...
ok beck kenjiro

libcrypto: make most of the BN_* macro pollution internal
This is a first sweep of reducing the number of terribly named macros
in bn.h. More can go away. Those we need internally go to bn_local.h.
Annoyingly bn_internal.h uses some of them, so it includes bn_local.h
now. This can be cleaned up later.
ok jsing kenjiro

disable Panel Self Refresh (PSR) in amdgpu
PSR is a power saving feature, previously enabled for
DCN >= 3.1.2 (YELLOW CARP / Rembrandt).
Disabling PSR avoids a problem encountered by robert@ on a
ThinkPad X13 Gen 6 (21RM) with GC 11.5.2, DCN 3.5.0.
If a reboot was attempted after X started, the machine would hang.
robert has patiently tried many PSR related patches, but nothing
besides disabling PSR entirely has helped.

convert PerSourcePenalties to using floating point time, allowing
penalties to be less than a second. This is useful if you need to
penalise things you expect to occur at >=1 QPS.
feedback dtucker / deraadt; ok deraadt@

Add convtime_double() that converts a string interval, such
as "3w2d4h5m10.5s", into a floating point number of seconds.
Reimplement the existing convtime() function using convtime_double()
(it just drops the fractional seconds)
lots of feedback deraadt@ / dtucker@; ok deraadt@
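
An added example, not OpenSSH's code: a strict parser for the interval syntax the commit message describes, showing the input checks that matter when such a value feeds a penalty setting (no sign, exponent, hex, "inf" or "nan", and a bounded result). The names parse_interval and parse_interval_whole, the cap MAX_INTERVAL, the unit set and the treatment of a bare number as seconds are assumptions made for this example.

```c
#include <ctype.h>
#include <stddef.h>

#define MAX_INTERVAL 315360000.0	/* assumed cap for this example: ~10 years */

/* Hypothetical stand-in for an interval parser; returns seconds, or -1.0
 * on malformed, negative, non-finite or over-cap input. */
double parse_interval(const char *s)
{
	double total = 0.0;

	if (s == NULL || *s == '\0')
		return -1.0;
	while (*s != '\0') {
		double val = 0.0, frac = 0.0, div = 1.0, mult;
		int ndigits = 0;

		/* Digits only: no sign, space, exponent, hex, "inf" or "nan". */
		for (; isdigit((unsigned char)*s); s++, ndigits++)
			val = val * 10.0 + (*s - '0');
		if (*s == '.')
			for (s++; isdigit((unsigned char)*s); s++, ndigits++) {
				frac = frac * 10.0 + (*s - '0');
				div *= 10.0;
			}
		if (ndigits == 0)
			return -1.0;
		switch (tolower((unsigned char)*s)) {
		case 'w': mult = 604800.0; break;
		case 'd': mult = 86400.0; break;
		case 'h': mult = 3600.0; break;
		case 'm': mult = 60.0; break;
		case 's': case '\0': mult = 1.0; break;	/* bare number = seconds (assumed) */
		default: return -1.0;
		}
		if (*s != '\0')
			s++;
		total += (val + frac / div) * mult;
		if (!(total <= MAX_INTERVAL))	/* also catches inf and NaN */
			return -1.0;
	}
	return total;
}

/* Whole-second variant: drops the fraction, as the page says convtime() does. */
long parse_interval_whole(const char *s)
{
	double d = parse_interval(s);

	return d < 0.0 ? -1 : (long)d;
}
```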

rpki-client: turn CCR into a proper CMS citizen
Using an EncapsulatedContentInfo was a hack which arose out of the
desire of having an OID next to the stuff we really care about.
Russ Housley pointed out that an EncapsulatedContentInfo is never
really used at the top level and that CMS (of course) has a proper
mechanism for this. (The absence of signers also makes this original
choice dubious, see last paragraph before RFC 5652, section 5.2.1.)
So, switch to a ContentInfo and fix another encoding issue, namely
using a naked OID instead of a CMS DigestAlgorithmIdentifier.
In addition to CCR becoming a plain CMS object, the code becomes
simpler overall despite the DigestAlgorithmIdentifier adding some
complexity. The big win is that the opaque OCTET STRING wrapping
the CCR SEQUENCE and the manual DER wrangling can go away.
Russ confirmed by decoding a detailed example that this produces
the appropriate DER matching the changes in the ASN.1 in
[15 lines not shown]

Add an ssh -Oconninfo command that shows connection information,
similar to the ~I escapechar. This is the first use of the mux
extension mechanism, so it should be both forward and backward
compatible: a new client talking to an old server will not allow
the "conninfo" request to be sent, but everything else should work
seamlessly. feedback and ok djm@

rework how tlb shootdown information is sent between cpus.
this change avoids using a mutex to coordinate work between cpus.
previously every cpu had a list of structs that represented a
shootdown "job" that another cpu might want to send it. these structs
were protected by a per cpu mutex, so if cpu A wanted to send a
shootdown to B, cpu A would take B's lock, take a job from the free
list, fill it in, queue the job on a pending list, release the
mutex, and then send an IPI to B.
the ipi handler on B would then take the mutex, pop jobs off the
pending list, run them, queue them back on the free list, and then
release its mutex.
in this change there's no mutex, instead each job slot has an
individual "state" field. so if cpu A wants to send a shootdown to
B, A iterates over all the job slots on B and tries cas ops against
the state field to transition it from "idle" to "pending". if cpu
[26 lines not shown]