flushing code to operate on virtual addresses instead of physical
addresses. Seems the Zicbom implementation on the SpacemiT X60 cores
doesn't flush the caches if the mapping is non-cachable. So adjust
_pmap_kenter_pa() to use a temporary cachable mapping to clean a page we
want to map non-cachable.
ok jca@
Until now, only 'delete' operations in ksh's vi-mode yank the deleted
range to the yank buffer. Make 'change' operations do the same.
This is consistent with vi(1)'s behavior.
ok tb@
octciu_intr_establish() happens on autoconf where only CPU0 exists, and
on octeon we increase ncpus in cpu hatch, and not attach, which means
that ncpus is 1 at octciu_intr_establish() time.
Which makes cpuid always 1 for that code and schedules all interrupts on
CPU0.
I also moved octciu_intr_barrier() to the actual interrupt's CPU.
OK: visa@, kn@
The cpus were put into the linked list in mostly inverted order during attach.
The linked list determines the order used by the CPU_INFO_FOREACH macros.
Order the linked list by ci_cpuid instead.
ok jca@ for most archs
"this should go in" deraadt@
string is now deprecated. Instead change hw.model to be the CPU core
name for cpu0 like we do on other architectures.
We'll revisit printing CPU features for riscv64 in the future.
ok jca@, mlarkin@
their "capacity". This is a concept borrowed from the device tree standard
that indicates the nominal performance of a CPU core. For ACPI machines
we use similar information from ACPI's Collaborative Processor Performance
Control (CPPC). If performance is less than 30% of the fastest cores in
the same we classify them as L. Between 30% and 80% we classify them as E.
And above 80% we classify them as P. The CPU capacity is communicated to
userland through kstat(4).
ok deraadt@, jca@
We no longer support TLSv1.0 and definitely do not support SSLv3 - remove
the empty fragments workaround for the CBC vulnerability in these
protocols.
ok kenjiro@ tb@
TLS versions prior to TLSv1.2 were disabled a while ago, however this
was done in the version handling code. Remove TLSv1.1 and earlier from
ssl_get_method() and add an explicit min version check in the legacy
client and server, to provide a stronger guarantee.
ok kenjiro@ tb@
This has not been reachable since we made the TLSv1.3 stack the default
entry point - tls13_record_layer_read_record() will send a protocol
version alert and raise an error, which means we never transition into
the legacy stack.
ok kenjiro@
While it looks a bit tidier if the variables are aligned with a tab in
the declarations, this is also a source of churn, so give up on this in
this function.
This is the last step of sprinkling const for OpenSSL 4. Move the extension
retrieved via X509_get_ext() to a const. The extension is first passed to
the simple X509_EXTENSION_get_object() getter and in the extension parsers
to X509V3_EXT_d2i(). The OID is passed to the const correct OBJ_obj2nid()
and OBJ_obj2text().
discussed with claudio
Again this is currently a noop which is needed since this simple getter
isn't const correct in OpenSSL < 4 and LibreSSL and because OpenSSL 4
fixed this.
discussed with claudio
This function has never modified the extensions. It only uses the extension's
object (OID) to retrieve the X509_EXT_METHOD and then calls the appropriate
d2i handler on the extension's value. OpenSSL 4 correctly added a const
qualifier to this function.
The cast is a noop right now, but once we switch the extension handlers'
signatures to take a const, this will generate a warning due to passing a
const pointer to a non-const function for OpenSSL < 4 and LibreSSL.
Annotate the cast for our future selves.
discussed with claudio
This is slightly more consistent with the remainder of the file.
All other extension handlers except those for ipAddrBlocks and
autonomousSysIds, which start with sbgp_ for historical reasons,
have a cert_ prefix.
discussed with claudio
In cert_check_spki() the pubkey is a libcrypto-internal pointer hanging
off cert->x509, which is then passed to the very const-incorrect getter
X509_PUBKEY_get0_param(): that's a piece of art which hands back pointers
to things deeper down in the x509 - some of them const, some non-const.
OpenSSL 3 made its X509_PUBKEY argument const, but their X509_ALGOR **
still isn't. I don't believe they thought about this in #11894 as they
had a more important _cmp() vs _eq() bikeshed to sort out.
discussed with claudio
X509_get_issuer_name() isn't const correct in LibreSSL and OpenSSL < 4
and it returns a modifiable X509_NAME *. The xissuer is only passed to
X509_NAME_oneline() which takes a const X509_NAME, so it can be const.
discussed with claudio
POLLIN resulted in a file close, the POLLOUT runs incorrectly which
matters in the TLS context which attempts to read after free.
from James J. Lippard
ok millert
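
The failure mode described in the last commit message above (POLLIN handling closes the connection, then POLLOUT handling runs on the same poll result) shown in minimal form with the guard in place. This is an added example, not code from the commit: struct conn, conn_close(), dispatch() and demo() are hypothetical names, and the socketpair scenario is constructed.

```c
#include <poll.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <unistd.h>

struct conn { int fd; char tls[16]; };	/* hypothetical; tls = TLS state */

static void conn_close(struct conn **cp)
{
	close((*cp)->fd);
	free(*cp);
	*cp = NULL;	/* make the closed state visible to the dispatcher */
}

/* Poll once: 1 = write path ran, 0 = skipped, -1 = poll error. */
static int dispatch(struct conn **cp)
{
	struct pollfd pfd = { .fd = (*cp)->fd, .events = POLLIN | POLLOUT };
	char buf[64];
	if (poll(&pfd, 1, 0) == -1)
		return -1;
	if ((pfd.revents & (POLLIN | POLLHUP)) &&
	    read((*cp)->fd, buf, sizeof(buf)) <= 0)
		conn_close(cp);	/* EOF or error: close and free */
	if (*cp == NULL || !(pfd.revents & POLLOUT))
		return 0;	/* closed during POLLIN: skip the write path */
	(*cp)->tls[0] = 1;	/* write path touches the TLS state */
	return 1;
}

/* Constructed scenario: the socketpair peer closes first, or stays open. */
static int demo(int peer_closed)
{
	int sv[2], ran;
	struct conn *c = calloc(1, sizeof(*c));
	if (c == NULL || socketpair(AF_UNIX, SOCK_STREAM, 0, sv) == -1) {
		free(c);
		return -1;
	}
	c->fd = sv[0];
	if (peer_closed)
		close(sv[1]);
	ran = dispatch(&c);
	if (c != NULL)
		conn_close(&c);
	if (!peer_closed)
		close(sv[1]);
	return ran;
}
int main(void) { return !(demo(1) == 0 && demo(0) == 1); }
```

Without the `*cp == NULL` check, the write path would dereference the connection that the read path just freed whenever both events are reported in one poll() result.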