jcs.org
commits
Avoids spurious port errors when plugging and unplugging devices on
the DM250.
Just note the change and notify the root hub. Fixes a hard lockup
on the DM250 when unplugging an OTG hub.
Disestablish interrupt on detach
On resume we'll already have root mounted so we can't use
config_mountroot or it will lock against it self since
config_mountroot doesn't defer to a thread.
tcmfd provides the keyboard on the DM250 and without rkcharger, the
battery might not get charged at a rate high enough to outpace draw
Fixes cards not getting powered up properly after a
removal->insertion->removal->insertion cycle
The Bluetooth part of the Broadcom Wi-Fi SDIO device is wired up to
uart0 on the Pomera DM250 so com0 still attaches and bcmbt uses it
as a bus to talk to the device.
This driver just needs to do particular GPIO poking according to the
DTB and upload firmware to it in a mountroot hook. Once
initialized, userland can talk to it through cua00.
In case the keys are modifier keys of the system keyboard, these
need to come through the existing wskbd device to act on the input
from that device.
On the Pomera DM250, the keyboard is mostly handled with the wskbd
off of tcmfd except for Left Alt and Right Shift, which are
specially-wired gpio lines (for U-boot to recognize a recovery
sequence).
But only if the device is non-removable and has no broken-cd
property.
This way the default params stay without having to pass them in
sc_params.
Change bcm2835_dwctwo to a generic FDT attachment mechanism, add
Rockchip support.
There are a bunch of different BQ27XXX devices that have similar
registers in different places, but right now this only supports the
BQ27Z561.
earlier version ok sashan@, changes since then: drop the change to the
manual, and reorder struct
ok tb@
struct bgpd_config includes various pointers and those should not be passed.
Instead use an zeroed stack object and copy_config() to ensure that all
pointers are NULL before passing the struct.
Also implement imsg_recv_config() which does the reverse.
Reported by Shibo, Shawn, Hugo, Systopia Team
OK tb@
Reflects kern_pledge.c r1.346 and r1.348.
Also in open(2): Document when __pledge_open appeared and add a missing word.
ok deraadt
Add support for benchmarking ML-KEM key encapsulation mechanisms to
openssl speed. The following operations are measured:
- key generation
- encapsulation
- decapsulation
Two parameter sets are supported:
mlkem768
mlkem1024
The benchmark can be invoked using the following options:
mlkem run all ML-KEM benchmarks
mlkem768 run ML-KEM-768 benchmarks
mlkem1024 run ML-KEM-1024 benchmarks
Results are reported similarly to other public key algorithms, showing
time per operation and operations per second. Machine-readable output
(-mr) support is also added for ML-KEM.
ok tb
- remove CommScope CA (they requested it themselves;
https://bugzilla.mozilla.org/show_bug.cgi?id=1994866)
- add new cert:
/C=HU/L=Budapest/O=Microsec Ltd./2.5.4.97=VATHU-23584497/CN=e-Szigno TLS Root CA 2023
Relevant for OpenBSD are security fixes #1158 #1161 #1162 #1163,
other changes #1156 #1153. Library bump is not necessary.
CVE-2026-32776 CVE-2026-32777 CVE-2026-32778
tested and OK tb@
We received reports that the too generic internal ecdsa_{sign,verify}()
symbol names clash in some static links. The naming here is annoying
because the EC_KEY_METHOD amalgamated the no longer existing ECDH and
ECDSA methods which themselves had poorly chosen method names, still
reflected in public API.
There are various messes here. The ECDSA verify methods are declared
in ec_local.h, whereas the ECDSA sign methods are in ecdsa_local.h
(which is itself pretty useless and really only about EC_KEY_METHOD).
I therefore merged the ECDSA method declarations into ec_local.h and
deleted ecdsa_local.h since I see no real benefit to the latter.
ecdsa.c needs ec_local.h anyway. Having the method declarations next
to EC_KEY_METHOD seems sensible. I left the order as it was, matching
ecdsa.c. The eckey_compute_pubkey() prototype should probably be moved
down.
With one exception I just added an ec_key_ prefix. This leads to a
a repetition of 'key' in ec_key_ecdh_compute_key() which I chose to
live with because it matches the public ECDH_compute_key() (mostly
used by SSH implementations). The exception is ec_key_generate_key()
where I expanded the gen() leading to another _key repetition but
this then matches EC_KEY_generate_key().
Thanks to Rosen Penev for reporting and sending an initial diff.
See also https://github.com/gsliepen/tinc/issues/478
ok jsing
this change drops the exclude regex and just simply checks if the
object files are actually available and then constucts a response
file which we pass for linking and this seems to be good enough
to have reproducible make build output (which is what we want here)
ok tb@
This is currently just one global sum of all hash table memory. The plan
is to do more but right now this is a good first step.
OK tb@
After the drvdata changes that went in a while ago, these can be used.
No functional change.
The Bluetooth part of the Broadcom Wi-Fi SDIO device is wired up to
uart0 on the Pomera DM250 so com0 still attaches and bcmbt uses it
as a bus to talk to the device.
This driver just needs to do particular GPIO poking according to the
DTB and upload firmware to it in a mountroot hook. Once
initialized, userland can talk to it through cua00.
In case the keys are modifier keys of the system keyboard, these
need to come through the existing wskbd device to act on the input
from that device.
On the Pomera DM250, the keyboard is mostly handled with the wskbd
off of tcmfd except for Left Alt and Right Shift, which are
specially-wired gpio lines (for U-boot to recognize a recovery
sequence).
Add support for benchmarking ML-KEM key encapsulation mechanisms to
openssl speed. The following operations are measured:
- key generation
- encapsulation
- decapsulation
Two parameter sets are supported:
mlkem768
mlkem1024
The benchmark can be invoked using the following options:
mlkem run all ML-KEM benchmarks
mlkem768 run ML-KEM-768 benchmarks
mlkem1024 run ML-KEM-1024 benchmarks
Results are reported similarly to other public key algorithms, showing
time per operation and operations per second. Machine-readable output
(-mr) support is also added for ML-KEM.
ok tb
We received reports that the too generic internal ecdsa_{sign,verify}()
symbol names clash in some static links. The naming here is annoying
because the EC_KEY_METHOD amalgamated the no longer existing ECDH and
ECDSA methods which themselves had poorly chosen method names, still
reflected in public API.
There are various messes here. The ECDSA verify methods are declared
in ec_local.h, whereas the ECDSA sign methods are in ecdsa_local.h
(which is itself pretty useless and really only about EC_KEY_METHOD).
I therefore merged the ECDSA method declarations into ec_local.h and
deleted ecdsa_local.h since I see no real benefit to the latter.
ecdsa.c needs ec_local.h anyway. Having the method declarations next
to EC_KEY_METHOD seems sensible. I left the order as it was, matching
ecdsa.c. The eckey_compute_pubkey() prototype should probably be moved
down.
With one exception I just added an ec_key_ prefix. This leads to a
a repetition of 'key' in ec_key_ecdh_compute_key() which I chose to
live with because it matches the public ECDH_compute_key() (mostly
used by SSH implementations). The exception is ec_key_generate_key()
where I expanded the gen() leading to another _key repetition but
this then matches EC_KEY_generate_key().
Thanks to Rosen Penev for reporting and sending an initial diff.
See also https://github.com/gsliepen/tinc/issues/478
ok jsing