SecBSD/src
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

sync code with last improvements from OpenBSD

Browse source
This commit is contained in:
purplerain 2023-08-31 18:59:48 +00:00
parent 085b88af82
commit ecb53bfacf
Signed by: purplerain
GPG key ID: F42C07F07E2E35B7
22 changed files with 1201 additions and 743 deletions
Download patch file Download diff file Expand all files Collapse all files

3
distrib/sets/lists/comp/mi
View file

@ -1917,9 +1917,12 @@
./usr/share/man/man3/ESS_SIGNING_CERT_new.3
./usr/share/man/man3/EVP_AEAD_CTX_init.3
./usr/share/man/man3/EVP_BytesToKey.3
./usr/share/man/man3/EVP_CIPHER_CTX_ctrl.3
./usr/share/man/man3/EVP_CIPHER_CTX_get_cipher_data.3
./usr/share/man/man3/EVP_CIPHER_CTX_set_flags.3
./usr/share/man/man3/EVP_CIPHER_do_all.3
./usr/share/man/man3/EVP_CIPHER_meth_new.3
./usr/share/man/man3/EVP_CIPHER_nid.3
./usr/share/man/man3/EVP_DigestInit.3
./usr/share/man/man3/EVP_DigestSignInit.3
./usr/share/man/man3/EVP_DigestVerifyInit.3

260
lib/libcrypto/man/EVP_CIPHER_CTX_ctrl.3 Normal file
View file

@ -0,0 +1,260 @@
.\" $OpenBSD: EVP_CIPHER_CTX_ctrl.3,v 1.1 2023/08/31 17:27:41 schwarze Exp $
.\" full merge up to: OpenSSL 5211e094 Nov 11 14:39:11 2014 -0800
.\"
.\" This file is a derived work.
.\" The changes are covered by the following Copyright and license:
.\"
.\" Copyright (c) 2018, 2023 Ingo Schwarze <schwarze@openbsd.org>
.\" Copyright (c) 2018 Damien Miller <djm@openbsd.org>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"
.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.\" The original file was written by Dr. Stephen Henson <steve@openssl.org>.
.\" Copyright (c) 2000, 2001, 2016 The OpenSSL Project.
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in
.\" the documentation and/or other materials provided with the
.\" distribution.
.\"
.\" 3. All advertising materials mentioning features or use of this
.\" software must display the following acknowledgment:
.\" "This product includes software developed by the OpenSSL Project
.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
.\"
.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
.\" endorse or promote products derived from this software without
.\" prior written permission. For written permission, please contact
.\" openssl-core@openssl.org.
.\"
.\" 5. Products derived from this software may not be called "OpenSSL"
.\" nor may "OpenSSL" appear in their names without prior written
.\" permission of the OpenSSL Project.
.\"
.\" 6. Redistributions of any form whatsoever must retain the following
.\" acknowledgment:
.\" "This product includes software developed by the OpenSSL Project
.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: August 31 2023 $
.Dt EVP_CIPHER_CTX_CTRL 3
.Os
.Sh NAME
.Nm EVP_CIPHER_CTX_ctrl ,
.Nm EVP_CIPHER_CTX_set_padding ,
.Nm EVP_CIPHER_CTX_set_key_length ,
.Nm EVP_CIPHER_CTX_key_length ,
.Nm EVP_CIPHER_key_length ,
.Nm EVP_CIPHER_CTX_iv_length ,
.Nm EVP_CIPHER_iv_length ,
.Nm EVP_CIPHER_CTX_set_iv ,
.Nm EVP_CIPHER_CTX_get_iv
.Nd configure EVP cipher contexts
.Sh SYNOPSIS
.In openssl/evp.h
.Ft int
.Fo EVP_CIPHER_CTX_ctrl
.Fa "EVP_CIPHER_CTX *ctx"
.Fa "int type"
.Fa "int arg"
.Fa "void *ptr"
.Fc
.Ft int
.Fo EVP_CIPHER_CTX_set_padding
.Fa "EVP_CIPHER_CTX *x"
.Fa "int padding"
.Fc
.Ft int
.Fo EVP_CIPHER_CTX_set_key_length
.Fa "EVP_CIPHER_CTX *x"
.Fa "int keylen"
.Fc
.Ft int
.Fo EVP_CIPHER_CTX_key_length
.Fa "const EVP_CIPHER_CTX *ctx"
.Fc
.Ft int
.Fo EVP_CIPHER_key_length
.Fa "const EVP_CIPHER *e"
.Fc
.Ft int
.Fo EVP_CIPHER_CTX_iv_length
.Fa "const EVP_CIPHER_CTX *ctx"
.Fc
.Ft int
.Fo EVP_CIPHER_iv_length
.Fa "const EVP_CIPHER *e"
.Fc
.Ft int
.Fo EVP_CIPHER_CTX_set_iv
.Fa "EVP_CIPHER_CTX *ctx"
.Fa "const unsigned char *iv"
.Fa "size_t len"
.Fc
.Ft int
.Fo EVP_CIPHER_CTX_get_iv
.Fa "const EVP_CIPHER_CTX *ctx"
.Fa "unsigned char *iv"
.Fa "size_t len"
.Fc
.Sh DESCRIPTION
.Fn EVP_CIPHER_CTX_ctrl
allows various cipher specific parameters to be determined and set.
Currently only the RC2 effective key length can be set.
.Pp
.Fn EVP_CIPHER_CTX_set_padding
enables or disables padding.
This function should be called after the context is set up for
encryption or decryption with
.Xr EVP_EncryptInit_ex 3 ,
.Xr EVP_DecryptInit_ex 3 ,
or
.Xr EVP_CipherInit_ex 3 .
By default encryption operations are padded using standard block padding
and the padding is checked and removed when decrypting.
If the
.Fa padding
parameter is zero, then no padding is performed, the total amount of data
encrypted or decrypted must then be a multiple of the block size or an
error will occur.
.Pp
.Fn EVP_CIPHER_CTX_set_key_length
sets the key length of the cipher ctx.
If the cipher is a fixed length cipher, then attempting to set the key
length to any value other than the fixed value is an error.
.Pp
.Fn EVP_CIPHER_CTX_key_length
and
.Fn EVP_CIPHER_key_length
return the key length of a cipher when passed an
.Vt EVP_CIPHER_CTX
or
.Vt EVP_CIPHER
structure.
The constant
.Dv EVP_MAX_KEY_LENGTH
is the maximum key length for all ciphers.
Note: although
.Fn EVP_CIPHER_key_length
is fixed for a given cipher, the value of
.Fn EVP_CIPHER_CTX_key_length
may be different for variable key length ciphers.
.Pp
.Fn EVP_CIPHER_CTX_iv_length
and
.Fn EVP_CIPHER_iv_length
return the IV length of a cipher when passed an
.Vt EVP_CIPHER_CTX
or
.Vt EVP_CIPHER .
It will return zero if the cipher does not use an IV.
The constant
.Dv EVP_MAX_IV_LENGTH
is the maximum IV length for all ciphers.
.Pp
.Fn EVP_CIPHER_CTX_set_iv
and
.Fn EVP_CIPHER_CTX_get_iv
set and retrieve the IV for an
.Vt EVP_CIPHER_CTX ,
respectively.
In both cases, the specified IV length must exactly equal the expected
IV length for the context as returned by
.Fn EVP_CIPHER_CTX_iv_length .
.Sh RETURN VALUES
.Fn EVP_CIPHER_CTX_ctrl
usually returns 1 for success, 0 for failure, or \-1 if the
.Fa type
is not supported by the
.Fa ctx ,
but there may be exceptions for some
.Fa type
arguments.
.Pp
.Fn EVP_CIPHER_CTX_set_padding
always returns 1.
.Pp
.Fn EVP_CIPHER_CTX_set_key_length ,
.Fn EVP_CIPHER_CTX_set_iv ,
and
.Fn EVP_CIPHER_CTX_get_iv
return 1 for success or 0 for failure.
.Pp
.Fn EVP_CIPHER_CTX_key_length
and
.Fn EVP_CIPHER_key_length
return the key length.
.Pp
.Fn EVP_CIPHER_CTX_iv_length
and
.Fn EVP_CIPHER_iv_length
return the IV length or zero if the cipher does not use an IV.
.Sh SEE ALSO
.Xr evp 3 ,
.Xr EVP_CIPHER_nid 3 ,
.Xr EVP_EncryptInit 3
.Sh HISTORY
.Fn EVP_CIPHER_CTX_key_length ,
.Fn EVP_CIPHER_key_length ,
.Fn EVP_CIPHER_CTX_iv_length ,
and
.Fn EVP_CIPHER_iv_length
first appeared in SSLeay 0.6.5 and have been available since
.Ox 2.4 .
.Pp
.Fn EVP_CIPHER_CTX_ctrl
and
.Fn EVP_CIPHER_CTX_set_key_length
first appeared in OpenSSL 0.9.6 and have been available since
.Ox 2.9 .
.Pp
.Fn EVP_CIPHER_CTX_set_padding
first appeared in OpenSSL 0.9.7 and has been available since
.Ox 3.2 .
.Pp
.Fn EVP_CIPHER_CTX_set_iv
and
.Fn EVP_CIPHER_CTX_get_iv
first appeared in LibreSSL 2.8.1 and have been available since
.Ox 6.4 .
.Sh BUGS
.Dv EVP_MAX_KEY_LENGTH
and
.Dv EVP_MAX_IV_LENGTH
only refer to the internal ciphers with default key lengths.
If custom ciphers exceed these values, the results are unpredictable.
This is because it has become standard practice to define a generic key
as a fixed unsigned char array containing
.Dv EVP_MAX_KEY_LENGTH
bytes.

228
lib/libcrypto/man/EVP_CIPHER_CTX_set_flags.3 Normal file
View file

@ -0,0 +1,228 @@
.\" $OpenBSD: EVP_CIPHER_CTX_set_flags.3,v 1.1 2023/08/31 17:27:41 schwarze Exp $
.\" full merge up to: OpenSSL 5211e094 Nov 11 14:39:11 2014 -0800
.\"
.\" This file is a derived work.
.\" The changes are covered by the following Copyright and license:
.\"
.\" Copyright (c) 2019 Ingo Schwarze <schwarze@openbsd.org>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"
.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.\" The original file was written by Dr. Stephen Henson <steve@openssl.org>
.\" and Patrick Steuer <patrick.steuer@de.ibm.com>.
.\" Copyright (c) 2000, 2017 The OpenSSL Project.
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in
.\" the documentation and/or other materials provided with the
.\" distribution.
.\"
.\" 3. All advertising materials mentioning features or use of this
.\" software must display the following acknowledgment:
.\" "This product includes software developed by the OpenSSL Project
.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
.\"
.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
.\" endorse or promote products derived from this software without
.\" prior written permission. For written permission, please contact
.\" openssl-core@openssl.org.
.\"
.\" 5. Products derived from this software may not be called "OpenSSL"
.\" nor may "OpenSSL" appear in their names without prior written
.\" permission of the OpenSSL Project.
.\"
.\" 6. Redistributions of any form whatsoever must retain the following
.\" acknowledgment:
.\" "This product includes software developed by the OpenSSL Project
.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: August 31 2023 $
.Dt EVP_CIPHER_CTX_SET_FLAGS 3
.Os
.Sh NAME
.Nm EVP_CIPHER_CTX_set_flags ,
.Nm EVP_CIPHER_CTX_clear_flags ,
.Nm EVP_CIPHER_CTX_test_flags ,
.Nm EVP_CIPHER_CTX_rand_key ,
.Nm EVP_CIPHER_param_to_asn1 ,
.Nm EVP_CIPHER_asn1_to_param ,
.Nm EVP_CIPHER_CTX_get_app_data ,
.Nm EVP_CIPHER_CTX_set_app_data
.Nd unusual EVP cipher context configuration
.Sh SYNOPSIS
.In openssl/evp.h
.Ft void
.Fo EVP_CIPHER_CTX_set_flags
.Fa "EVP_CIPHER_CTX *ctx"
.Fa "int flags"
.Fc
.Ft void
.Fo EVP_CIPHER_CTX_clear_flags
.Fa "EVP_CIPHER_CTX *ctx"
.Fa "int flags"
.Fc
.Ft int
.Fo EVP_CIPHER_CTX_test_flags
.Fa "EVP_CIPHER_CTX *ctx"
.Fa "int flags"
.Fc
.Ft int
.Fo EVP_CIPHER_CTX_rand_key
.Fa "EVP_CIPHER_CTX *ctx"
.Fa "unsigned char *key"
.Fc
.Ft int
.Fo EVP_CIPHER_param_to_asn1
.Fa "EVP_CIPHER_CTX *c"
.Fa "ASN1_TYPE *type"
.Fc
.Ft int
.Fo EVP_CIPHER_asn1_to_param
.Fa "EVP_CIPHER_CTX *c"
.Fa "ASN1_TYPE *type"
.Fc
.Ft void *
.Fo EVP_CIPHER_CTX_get_app_data
.Fa "const EVP_CIPHER_CTX *ctx"
.Fc
.Ft void
.Fo EVP_CIPHER_CTX_set_app_data
.Fa "const EVP_CIPHER_CTX *ctx"
.Fa "void *data"
.Fc
.Sh DESCRIPTION
.Fn EVP_CIPHER_CTX_set_flags
enables the given
.Fa flags
in
.Fa ctx .
.Fn EVP_CIPHER_CTX_clear_flags
disables the given
.Fa flags
in
.Fa ctx .
.Fn EVP_CIPHER_CTX_test_flags
checks whether any of the given
.Fa flags
are currently set in
.Fa ctx ,
returning the subset of the
.Fa flags
that are set, or 0 if none of them are set.
Currently, the only supported cipher context flag is
.Dv EVP_CIPHER_CTX_FLAG_WRAP_ALLOW ;
see
.Xr EVP_aes_128_wrap 3
for details.
.Pp
.Fn EVP_CIPHER_CTX_rand_key
generates a random key of the appropriate length based on the cipher
context.
The
.Vt EVP_CIPHER
can provide its own random key generation routine to support keys
of a specific form.
The
.Fa key
argument must point to a buffer at least as big as the value returned by
.Xr EVP_CIPHER_CTX_key_length 3 .
.Pp
.Fn EVP_CIPHER_param_to_asn1
sets the ASN.1
.Vt AlgorithmIdentifier
parameter based on the passed cipher.
This will typically include any parameters and an IV.
The cipher IV (if any) must be set when this call is made.
This call should be made before the cipher is actually "used" (before any
.Xr EVP_EncryptUpdate 3
or
.Xr EVP_DecryptUpdate 3
calls, for example).
This function may fail if the cipher does not have any ASN.1 support.
.Pp
.Fn EVP_CIPHER_asn1_to_param
sets the cipher parameters based on an ASN.1
.Vt AlgorithmIdentifier
parameter.
The precise effect depends on the cipher.
In the case of RC2, for example, it will set the IV and effective
key length.
This function should be called after the base cipher type is set but
before the key is set.
For example
.Xr EVP_CipherInit 3
will be called with the IV and key set to
.Dv NULL ,
.Fn EVP_CIPHER_asn1_to_param
will be called and finally
.Xr EVP_CipherInit 3
again with all parameters except the key set to
.Dv NULL .
It is possible for this function to fail if the cipher does not
have any ASN.1 support or the parameters cannot be set (for example
the RC2 effective key length is not supported).
.Sh RETURN VALUES
.Fn EVP_CIPHER_CTX_rand_key
return 1 for success or 0 for failure.
.Pp
.Fn EVP_CIPHER_param_to_asn1
and
.Fn EVP_CIPHER_asn1_to_param
return greater than zero for success and zero or a negative number
for failure.
.Sh SEE ALSO
.Xr evp 3 ,
.Xr EVP_CIPHER_CTX_ctrl 3 ,
.Xr EVP_CIPHER_CTX_get_cipher_data 3 ,
.Xr EVP_CIPHER_nid 3 ,
.Xr EVP_EncryptInit 3
.Sh HISTORY
.Fn EVP_CIPHER_CTX_set_app_data
and
.Fn EVP_CIPHER_CTX_get_app_data
first appeared in SSLeay 0.8.0.
.Fn EVP_CIPHER_param_to_asn1
and
.Fn EVP_CIPHER_asn1_to_param
first appeared in SSLeay 0.9.0.
These functions have been available since
.Ox 2.4 .
.Pp
.Fn EVP_CIPHER_CTX_rand_key
first appeared in OpenSSL 0.9.8 and has been available since
.Ox 4.5 .
.Sh BUGS
The ASN.1 code is incomplete (and sometimes inaccurate).
It has only been tested for certain common S/MIME ciphers
(RC2, DES, triple DES) in CBC mode.

215
lib/libcrypto/man/EVP_CIPHER_nid.3 Normal file
View file

@ -0,0 +1,215 @@
.\" $OpenBSD: EVP_CIPHER_nid.3,v 1.1 2023/08/31 17:27:41 schwarze Exp $
.\" full merge up to: OpenSSL 5211e094 Nov 11 14:39:11 2014 -0800
.\"
.\" This file is a derived work.
.\" The changes are covered by the following Copyright and license:
.\"
.\" Copyright (c) 2018 Ingo Schwarze <schwarze@openbsd.org>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"
.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.\" The original file was written by Dr. Stephen Henson <steve@openssl.org>.
.\" Copyright (c) 2000 The OpenSSL Project. All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in
.\" the documentation and/or other materials provided with the
.\" distribution.
.\"
.\" 3. All advertising materials mentioning features or use of this
.\" software must display the following acknowledgment:
.\" "This product includes software developed by the OpenSSL Project
.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
.\"
.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
.\" endorse or promote products derived from this software without
.\" prior written permission. For written permission, please contact
.\" openssl-core@openssl.org.
.\"
.\" 5. Products derived from this software may not be called "OpenSSL"
.\" nor may "OpenSSL" appear in their names without prior written
.\" permission of the OpenSSL Project.
.\"
.\" 6. Redistributions of any form whatsoever must retain the following
.\" acknowledgment:
.\" "This product includes software developed by the OpenSSL Project
.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: August 31 2023 $
.Dt EVP_CIPHER_NID 3
.Os
.Sh NAME
.Nm EVP_CIPHER_nid ,
.Nm EVP_CIPHER_CTX_nid ,
.Nm EVP_CIPHER_type ,
.Nm EVP_CIPHER_CTX_type ,
.Nm EVP_CIPHER_block_size ,
.Nm EVP_CIPHER_CTX_block_size ,
.Nm EVP_CIPHER_flags ,
.Nm EVP_CIPHER_CTX_flags ,
.Nm EVP_CIPHER_mode ,
.Nm EVP_CIPHER_CTX_mode
.Nd inspect EVP_CIPHER objects
.Sh SYNOPSIS
.In openssl/evp.h
.Ft int
.Fo EVP_CIPHER_nid
.Fa "const EVP_CIPHER *e"
.Fc
.Ft int
.Fo EVP_CIPHER_CTX_nid
.Fa "const EVP_CIPHER_CTX *ctx"
.Fc
.Ft int
.Fo EVP_CIPHER_type
.Fa "const EVP_CIPHER *ctx"
.Fc
.Ft int
.Fo EVP_CIPHER_CTX_type
.Fa "const EVP_CIPHER_CTX *ctx"
.Fc
.Ft int
.Fo EVP_CIPHER_block_size
.Fa "const EVP_CIPHER *e"
.Fc
.Ft int
.Fo EVP_CIPHER_CTX_block_size
.Fa "const EVP_CIPHER_CTX *ctx"
.Fc
.Ft unsigned long
.Fo EVP_CIPHER_flags
.Fa "const EVP_CIPHER *e"
.Fc
.Ft unsigned long
.Fo EVP_CIPHER_CTX_flags
.Fa "const EVP_CIPHER_CTX *ctx"
.Fc
.Ft unsigned long
.Fo EVP_CIPHER_mode
.Fa "const EVP_CIPHER *e"
.Fc
.Ft unsigned long
.Fo EVP_CIPHER_CTX_mode
.Fa "const EVP_CIPHER_CTX *ctx"
.Fc
.Sh DESCRIPTION
.Fn EVP_CIPHER_nid
and
.Fn EVP_CIPHER_CTX_nid
return the NID of a cipher when passed an
.Vt EVP_CIPHER
or
.Vt EVP_CIPHER_CTX
structure.
The actual NID value is an internal value which may not have a
corresponding OBJECT IDENTIFIER.
.Pp
.Fn EVP_CIPHER_type
and
.Fn EVP_CIPHER_CTX_type
return the type of the passed cipher or context.
This "type" is the actual NID of the cipher OBJECT IDENTIFIER as such it
ignores the cipher parameters and 40-bit RC2 and 128-bit RC2 have the
same NID.
If the cipher does not have an object identifier or does not
have ASN.1 support, this function will return
.Dv NID_undef .
.Pp
.Fn EVP_CIPHER_block_size
and
.Fn EVP_CIPHER_CTX_block_size
return the block size of a cipher when passed an
.Vt EVP_CIPHER
or
.Vt EVP_CIPHER_CTX
structure.
The constant
.Dv EVP_MAX_BLOCK_LENGTH
is also the maximum block length for all ciphers.
.Pp
.Fn EVP_CIPHER_mode
and
.Fn EVP_CIPHER_CTX_mode
return the block cipher mode:
.Dv EVP_CIPH_ECB_MODE ,
.Dv EVP_CIPH_CBC_MODE ,
.Dv EVP_CIPH_CFB_MODE ,
.Dv EVP_CIPH_OFB_MODE ,
.Dv EVP_CIPH_CTR_MODE ,
or
.Dv EVP_CIPH_XTS_MODE .
If the cipher is a stream cipher then
.Dv EVP_CIPH_STREAM_CIPHER
is returned.
.Sh RETURN VALUES
.Fn EVP_CIPHER_nid
and
.Fn EVP_CIPHER_CTX_nid
return a NID.
.Pp
.Fn EVP_CIPHER_type
and
.Fn EVP_CIPHER_CTX_type
return the NID of the cipher's OBJECT IDENTIFIER or
.Dv NID_undef
if it has no defined OBJECT IDENTIFIER.
.Pp
.Fn EVP_CIPHER_block_size
and
.Fn EVP_CIPHER_CTX_block_size
return the block size.
.Sh SEE ALSO
.Xr evp 3 ,
.Xr EVP_CIPHER_CTX_ctrl 3 ,
.Xr EVP_EncryptInit 3
.Sh HISTORY
.Fn EVP_CIPHER_type ,
.Fn EVP_CIPHER_CTX_type ,
.Fn EVP_CIPHER_block_size ,
and
.Fn EVP_CIPHER_CTX_block_size
first appeared in SSLeay 0.6.5.
.Fn EVP_CIPHER_nid
and
.Fn EVP_CIPHER_CTX_nid
first appeared in SSLeay 0.8.0.
All these functions have been available since
.Ox 2.4 .
.Pp
.Fn EVP_CIPHER_flags ,
.Fn EVP_CIPHER_CTX_flags ,
.Fn EVP_CIPHER_mode ,
and
.Fn EVP_CIPHER_CTX_mode
first appeared in OpenSSL 0.9.6 and have been available since
.Ox 2.9 .

463
lib/libcrypto/man/EVP_EncryptInit.3
View file

@ -1,4 +1,4 @@
.\" $OpenBSD: EVP_EncryptInit.3,v 1.47 2023/08/26 15:01:56 schwarze Exp $
.\" $OpenBSD: EVP_EncryptInit.3,v 1.48 2023/08/31 17:27:41 schwarze Exp $
.\" full merge up to: OpenSSL 5211e094 Nov 11 14:39:11 2014 -0800
.\" EVP_bf_cbc.pod EVP_cast5_cbc.pod EVP_idea_cbc.pod EVP_rc2_cbc.pod
.\" 7c6d372a Nov 20 13:20:01 2018 +0000
@ -69,7 +69,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: August 26 2023 $
.Dd $Mdocdate: August 31 2023 $
.Dt EVP_ENCRYPTINIT 3
.Os
.Sh NAME
@ -96,37 +96,10 @@
.Nm EVP_CipherFinal ,
.Nm EVP_Cipher ,
.Nm EVP_CIPHER_CTX_encrypting ,
.Nm EVP_CIPHER_CTX_set_flags ,
.Nm EVP_CIPHER_CTX_clear_flags ,
.Nm EVP_CIPHER_CTX_test_flags ,
.Nm EVP_CIPHER_CTX_set_padding ,
.Nm EVP_CIPHER_CTX_set_key_length ,
.Nm EVP_CIPHER_CTX_ctrl ,
.Nm EVP_CIPHER_CTX_rand_key ,
.Nm EVP_get_cipherbyname ,
.Nm EVP_get_cipherbynid ,
.Nm EVP_get_cipherbyobj ,
.Nm EVP_CIPHER_nid ,
.Nm EVP_CIPHER_block_size ,
.Nm EVP_CIPHER_key_length ,
.Nm EVP_CIPHER_iv_length ,
.Nm EVP_CIPHER_flags ,
.Nm EVP_CIPHER_mode ,
.Nm EVP_CIPHER_type ,
.Nm EVP_CIPHER_CTX_cipher ,
.Nm EVP_CIPHER_CTX_nid ,
.Nm EVP_CIPHER_CTX_block_size ,
.Nm EVP_CIPHER_CTX_key_length ,
.Nm EVP_CIPHER_CTX_iv_length ,
.Nm EVP_CIPHER_CTX_get_iv ,
.Nm EVP_CIPHER_CTX_set_iv ,
.Nm EVP_CIPHER_CTX_get_app_data ,
.Nm EVP_CIPHER_CTX_set_app_data ,
.Nm EVP_CIPHER_CTX_type ,
.Nm EVP_CIPHER_CTX_flags ,
.Nm EVP_CIPHER_CTX_mode ,
.Nm EVP_CIPHER_param_to_asn1 ,
.Nm EVP_CIPHER_asn1_to_param ,
.Nm EVP_enc_null ,
.Nm EVP_idea_cbc ,
.Nm EVP_idea_ecb ,
@ -294,43 +267,6 @@
.Fo EVP_CIPHER_CTX_encrypting
.Fa "const EVP_CIPHER_CTX *ctx"
.Fc
.Ft void
.Fo EVP_CIPHER_CTX_set_flags
.Fa "EVP_CIPHER_CTX *ctx"
.Fa "int flags"
.Fc
.Ft void
.Fo EVP_CIPHER_CTX_clear_flags
.Fa "EVP_CIPHER_CTX *ctx"
.Fa "int flags"
.Fc
.Ft int
.Fo EVP_CIPHER_CTX_test_flags
.Fa "EVP_CIPHER_CTX *ctx"
.Fa "int flags"
.Fc
.Ft int
.Fo EVP_CIPHER_CTX_set_padding
.Fa "EVP_CIPHER_CTX *x"
.Fa "int padding"
.Fc
.Ft int
.Fo EVP_CIPHER_CTX_set_key_length
.Fa "EVP_CIPHER_CTX *x"
.Fa "int keylen"
.Fc
.Ft int
.Fo EVP_CIPHER_CTX_ctrl
.Fa "EVP_CIPHER_CTX *ctx"
.Fa "int type"
.Fa "int arg"
.Fa "void *ptr"
.Fc
.Ft int
.Fo EVP_CIPHER_CTX_rand_key
.Fa "EVP_CIPHER_CTX *ctx"
.Fa "unsigned char *key"
.Fc
.Ft const EVP_CIPHER *
.Fo EVP_get_cipherbyname
.Fa "const char *name"
@ -343,97 +279,10 @@
.Fo EVP_get_cipherbyobj
.Fa "const ASN1_OBJECT *a"
.Fc
.Ft int
.Fo EVP_CIPHER_nid
.Fa "const EVP_CIPHER *e"
.Fc
.Ft int
.Fo EVP_CIPHER_block_size
.Fa "const EVP_CIPHER *e"
.Fc
.Ft int
.Fo EVP_CIPHER_key_length
.Fa "const EVP_CIPHER *e"
.Fc
.Ft int
.Fo EVP_CIPHER_iv_length
.Fa "const EVP_CIPHER *e"
.Fc
.Ft unsigned long
.Fo EVP_CIPHER_flags
.Fa "const EVP_CIPHER *e"
.Fc
.Ft unsigned long
.Fo EVP_CIPHER_mode
.Fa "const EVP_CIPHER *e"
.Fc
.Ft int
.Fo EVP_CIPHER_type
.Fa "const EVP_CIPHER *ctx"
.Fc
.Ft const EVP_CIPHER *
.Fo EVP_CIPHER_CTX_cipher
.Fa "const EVP_CIPHER_CTX *ctx"
.Fc
.Ft int
.Fo EVP_CIPHER_CTX_nid
.Fa "const EVP_CIPHER_CTX *ctx"
.Fc
.Ft int
.Fo EVP_CIPHER_CTX_block_size
.Fa "const EVP_CIPHER_CTX *ctx"
.Fc
.Ft int
.Fo EVP_CIPHER_CTX_key_length
.Fa "const EVP_CIPHER_CTX *ctx"
.Fc
.Ft int
.Fo EVP_CIPHER_CTX_iv_length
.Fa "const EVP_CIPHER_CTX *ctx"
.Fc
.Ft int
.Fo EVP_CIPHER_CTX_get_iv
.Fa "const EVP_CIPHER_CTX *ctx"
.Fa "unsigned char *iv"
.Fa "size_t len"
.Fc
.Ft int
.Fo EVP_CIPHER_CTX_set_iv
.Fa "EVP_CIPHER_CTX *ctx"
.Fa "const unsigned char *iv"
.Fa "size_t len"
.Fc
.Ft void *
.Fo EVP_CIPHER_CTX_get_app_data
.Fa "const EVP_CIPHER_CTX *ctx"
.Fc
.Ft void
.Fo EVP_CIPHER_CTX_set_app_data
.Fa "const EVP_CIPHER_CTX *ctx"
.Fa "void *data"
.Fc
.Ft int
.Fo EVP_CIPHER_CTX_type
.Fa "const EVP_CIPHER_CTX *ctx"
.Fc
.Ft unsigned long
.Fo EVP_CIPHER_CTX_flags
.Fa "const EVP_CIPHER_CTX *ctx"
.Fc
.Ft unsigned long
.Fo EVP_CIPHER_CTX_mode
.Fa "const EVP_CIPHER_CTX *ctx"
.Fc
.Ft int
.Fo EVP_CIPHER_param_to_asn1
.Fa "EVP_CIPHER_CTX *c"
.Fa "ASN1_TYPE *type"
.Fc
.Ft int
.Fo EVP_CIPHER_asn1_to_param
.Fa "EVP_CIPHER_CTX *c"
.Fa "ASN1_TYPE *type"
.Fc
.Sh DESCRIPTION
The EVP cipher routines are a high level interface to certain symmetric
ciphers.
@ -492,7 +341,7 @@ and
objects used by
.Fa in
and any application specific data set with
.Fn EVP_CIPHER_CTX_set_app_data
.Xr EVP_CIPHER_CTX_set_app_data 3
are not copied and
.Fa out
will point to the same three objects.
@ -507,7 +356,7 @@ If the bit
.Dv EVP_CIPH_CUSTOM_COPY
has been set with
.Xr EVP_CIPHER_meth_set_flags 3 ,
.Fn EVP_CIPHER_CTX_ctrl
.Xr EVP_CIPHER_CTX_ctrl 3
is called at the end with arguments
.Fa in ,
.Dv EVP_CTRL_COPY ,
@ -690,123 +539,6 @@ structure when passed a cipher name, a NID or an
.Vt ASN1_OBJECT
structure.
.Pp
.Fn EVP_CIPHER_nid
and
.Fn EVP_CIPHER_CTX_nid
return the NID of a cipher when passed an
.Vt EVP_CIPHER
or
.Vt EVP_CIPHER_CTX
structure.
The actual NID value is an internal value which may not have a
corresponding OBJECT IDENTIFIER.
.Pp
.Fn EVP_CIPHER_CTX_set_flags
enables the given
.Fa flags
in
.Fa ctx .
.Fn EVP_CIPHER_CTX_clear_flags
disables the given
.Fa flags
in
.Fa ctx .
.Fn EVP_CIPHER_CTX_test_flags
checks whether any of the given
.Fa flags
are currently set in
.Fa ctx ,
returning the subset of the
.Fa flags
that are set, or 0 if none of them are set.
Currently, the only supported cipher context flag is
.Dv EVP_CIPHER_CTX_FLAG_WRAP_ALLOW ;
see
.Xr EVP_aes_128_wrap 3
for details.
.Pp
.Fn EVP_CIPHER_CTX_set_padding
enables or disables padding.
This function should be called after the context is set up for
encryption or decryption with
.Fn EVP_EncryptInit_ex ,
.Fn EVP_DecryptInit_ex ,
or
.Fn EVP_CipherInit_ex .
By default encryption operations are padded using standard block padding
and the padding is checked and removed when decrypting.
If the
.Fa padding
parameter is zero, then no padding is performed, the total amount of data
encrypted or decrypted must then be a multiple of the block size or an
error will occur.
.Pp
.Fn EVP_CIPHER_key_length
and
.Fn EVP_CIPHER_CTX_key_length
return the key length of a cipher when passed an
.Vt EVP_CIPHER
or
.Vt EVP_CIPHER_CTX
structure.
The constant
.Dv EVP_MAX_KEY_LENGTH
is the maximum key length for all ciphers.
Note: although
.Fn EVP_CIPHER_key_length
is fixed for a given cipher, the value of
.Fn EVP_CIPHER_CTX_key_length
may be different for variable key length ciphers.
.Pp
.Fn EVP_CIPHER_CTX_set_key_length
sets the key length of the cipher ctx.
If the cipher is a fixed length cipher, then attempting to set the key
length to any value other than the fixed value is an error.
.Pp
.Fn EVP_CIPHER_iv_length
and
.Fn EVP_CIPHER_CTX_iv_length
return the IV length of a cipher when passed an
.Vt EVP_CIPHER
or
.Vt EVP_CIPHER_CTX .
It will return zero if the cipher does not use an IV.
The constant
.Dv EVP_MAX_IV_LENGTH
is the maximum IV length for all ciphers.
.Pp
.Fn EVP_CIPHER_CTX_get_iv
and
.Fn EVP_CIPHER_CTX_set_iv
will respectively retrieve and set the IV for an
.Vt EVP_CIPHER_CTX .
In both cases, the specified IV length must exactly equal the expected
IV length for the context as returned by
.Fn EVP_CIPHER_CTX_iv_length .
.Pp
.Fn EVP_CIPHER_block_size
and
.Fn EVP_CIPHER_CTX_block_size
return the block size of a cipher when passed an
.Vt EVP_CIPHER
or
.Vt EVP_CIPHER_CTX
structure.
The constant
.Dv EVP_MAX_BLOCK_LENGTH
is also the maximum block length for all ciphers.
.Pp
.Fn EVP_CIPHER_type
and
.Fn EVP_CIPHER_CTX_type
return the type of the passed cipher or context.
This "type" is the actual NID of the cipher OBJECT IDENTIFIER as such it
ignores the cipher parameters and 40-bit RC2 and 128-bit RC2 have the
same NID.
If the cipher does not have an object identifier or does not
have ASN.1 support, this function will return
.Dv NID_undef .
.Pp
.Fn EVP_CIPHER_CTX_cipher
returns the
.Vt EVP_CIPHER
@ -814,72 +546,6 @@ structure when passed an
.Vt EVP_CIPHER_CTX
structure.
.Pp
.Fn EVP_CIPHER_mode
and
.Fn EVP_CIPHER_CTX_mode
return the block cipher mode:
.Dv EVP_CIPH_ECB_MODE ,
.Dv EVP_CIPH_CBC_MODE ,
.Dv EVP_CIPH_CFB_MODE ,
.Dv EVP_CIPH_OFB_MODE ,
.Dv EVP_CIPH_CTR_MODE ,
or
.Dv EVP_CIPH_XTS_MODE .
If the cipher is a stream cipher then
.Dv EVP_CIPH_STREAM_CIPHER
is returned.
.Pp
.Fn EVP_CIPHER_param_to_asn1
sets the ASN.1
.Vt AlgorithmIdentifier
parameter based on the passed cipher.
This will typically include any parameters and an IV.
The cipher IV (if any) must be set when this call is made.
This call should be made before the cipher is actually "used" (before any
.Fn EVP_EncryptUpdate
or
.Fn EVP_DecryptUpdate
calls, for example).
This function may fail if the cipher does not have any ASN.1 support.
.Pp
.Fn EVP_CIPHER_asn1_to_param
sets the cipher parameters based on an ASN.1
.Vt AlgorithmIdentifier
parameter.
The precise effect depends on the cipher.
In the case of RC2, for example, it will set the IV and effective
key length.
This function should be called after the base cipher type is set but
before the key is set.
For example
.Fn EVP_CipherInit
will be called with the IV and key set to
.Dv NULL ,
.Fn EVP_CIPHER_asn1_to_param
will be called and finally
.Fn EVP_CipherInit
again with all parameters except the key set to
.Dv NULL .
It is possible for this function to fail if the cipher does not
have any ASN.1 support or the parameters cannot be set (for example
the RC2 effective key length is not supported).
.Pp
.Fn EVP_CIPHER_CTX_ctrl
allows various cipher specific parameters to be determined and set.
Currently only the RC2 effective key length can be set.
.Pp
.Fn EVP_CIPHER_CTX_rand_key
generates a random key of the appropriate length based on the cipher
context.
The
.Vt EVP_CIPHER
can provide its own random key generation routine to support keys
of a specific form.
The
.Fa key
argument must point to a buffer at least as big as the value returned by
.Fn EVP_CIPHER_CTX_key_length .
.Pp
Where possible the EVP interface to symmetric ciphers should be
used in preference to the low level interfaces.
This is because the code then becomes transparent to the cipher used and
@ -938,8 +604,6 @@ for failure.
.Fn EVP_CIPHER_CTX_reset ,
.Fn EVP_CIPHER_CTX_cleanup ,
.Fn EVP_CIPHER_CTX_copy ,
.Fn EVP_CIPHER_CTX_get_iv ,
.Fn EVP_CIPHER_CTX_set_iv ,
.Fn EVP_EncryptInit_ex ,
.Fn EVP_EncryptUpdate ,
.Fn EVP_EncryptFinal_ex ,
@ -955,10 +619,8 @@ for failure.
.Fn EVP_DecryptFinal ,
.Fn EVP_CipherInit ,
.Fn EVP_CipherFinal ,
.Fn EVP_Cipher ,
.Fn EVP_CIPHER_CTX_set_key_length ,
and
.Fn EVP_CIPHER_CTX_rand_key
.Fn EVP_Cipher
return 1 for success or 0 for failure.
.Pp
.Fn EVP_CIPHER_CTX_encrypting
@ -967,18 +629,6 @@ returns 1 if
is initialized for encryption or 0 otherwise, in which case
it may be uninitialized or initialized for decryption.
.Pp
.Fn EVP_CIPHER_CTX_set_padding
always returns 1.
.Pp
.Fn EVP_CIPHER_CTX_ctrl
usually returns 1 for success, 0 for failure, or \-1 if the
.Fa type
is not supported by the
.Fa ctx ,
but there may be exceptions for some
.Fa type
arguments.
.Pp
.Fn EVP_get_cipherbyname ,
.Fn EVP_get_cipherbynid ,
and
@ -989,43 +639,10 @@ structure or
.Dv NULL
on error.
.Pp
.Fn EVP_CIPHER_nid
and
.Fn EVP_CIPHER_CTX_nid
return a NID.
.Pp
.Fn EVP_CIPHER_block_size
and
.Fn EVP_CIPHER_CTX_block_size
return the block size.
.Pp
.Fn EVP_CIPHER_key_length
and
.Fn EVP_CIPHER_CTX_key_length
return the key length.
.Pp
.Fn EVP_CIPHER_iv_length
and
.Fn EVP_CIPHER_CTX_iv_length
return the IV length or zero if the cipher does not use an IV.
.Pp
.Fn EVP_CIPHER_type
and
.Fn EVP_CIPHER_CTX_type
return the NID of the cipher's OBJECT IDENTIFIER or
.Dv NID_undef
if it has no defined OBJECT IDENTIFIER.
.Pp
.Fn EVP_CIPHER_CTX_cipher
returns an
.Vt EVP_CIPHER
structure.
.Pp
.Fn EVP_CIPHER_param_to_asn1
and
.Fn EVP_CIPHER_asn1_to_param
return greater than zero for success and zero or a negative number
for failure.
.Sh CIPHER LISTING
All algorithms have a fixed key length unless otherwise stated.
.Bl -tag -width Ds
@ -1064,9 +681,9 @@ RC2 algorithm in CBC mode with a default key length and effective key
length of 40 and 64 bits.
These are obsolete and new code should use
.Fn EVP_rc2_cbc ,
.Fn EVP_CIPHER_CTX_set_key_length ,
.Xr EVP_CIPHER_CTX_set_key_length 3 ,
and
.Fn EVP_CIPHER_CTX_ctrl
.Xr EVP_CIPHER_CTX_ctrl 3
to set the key length and effective key length.
.It Xo
.Fn EVP_bf_cbc ,
@ -1310,7 +927,10 @@ do_crypt(FILE *in, FILE *out, int do_encrypt)
.Xr EVP_aes_128_cbc 3 ,
.Xr EVP_camellia_128_cbc 3 ,
.Xr EVP_chacha20 3 ,
.Xr EVP_CIPHER_CTX_ctrl 3 ,
.Xr EVP_CIPHER_CTX_get_cipher_data 3 ,
.Xr EVP_CIPHER_CTX_set_flags 3 ,
.Xr EVP_CIPHER_nid 3 ,
.Xr EVP_des_cbc 3 ,
.Xr EVP_OpenInit 3 ,
.Xr EVP_rc4 3 ,
@ -1339,16 +959,7 @@ first appeared in SSLeay 0.5.1.
and
.Fn EVP_rc2_ofb
first appeared in SSLeay 0.5.2.
.Fn EVP_Cipher ,
.Fn EVP_CIPHER_block_size ,
.Fn EVP_CIPHER_key_length ,
.Fn EVP_CIPHER_iv_length ,
.Fn EVP_CIPHER_type ,
.Fn EVP_CIPHER_CTX_block_size ,
.Fn EVP_CIPHER_CTX_key_length ,
.Fn EVP_CIPHER_CTX_iv_length ,
and
.Fn EVP_CIPHER_CTX_type
.Fn EVP_Cipher
first appeared in SSLeay 0.6.5.
.Fn EVP_bf_cbc ,
.Fn EVP_bf_ecb ,
@ -1358,20 +969,13 @@ and
first appeared in SSLeay 0.6.6.
.Fn EVP_CIPHER_CTX_cleanup ,
.Fn EVP_get_cipherbyobj ,
.Fn EVP_CIPHER_nid ,
.Fn EVP_CIPHER_CTX_cipher ,
.Fn EVP_CIPHER_CTX_nid ,
.Fn EVP_CIPHER_CTX_get_app_data ,
.Fn EVP_CIPHER_CTX_set_app_data ,
and
.Fn EVP_enc_null
first appeared in SSLeay 0.8.0.
.Fn EVP_get_cipherbynid
first appeared in SSLeay 0.8.1.
.Fn EVP_CIPHER_CTX_init ,
.Fn EVP_CIPHER_param_to_asn1 ,
and
.Fn EVP_CIPHER_asn1_to_param
.Fn EVP_CIPHER_CTX_init
first appeared in SSLeay 0.9.0.
All these functions have been available since
.Ox 2.4 .
@ -1379,30 +983,16 @@ All these functions have been available since
.Fn EVP_rc2_40_cbc
and
.Fn EVP_rc2_64_cbc
first appeared in SSL_eay 0.9.1.
.Fn EVP_CIPHER_CTX_type
first appeared in OpenSSL 0.9.3.
These functions have been available since
first appeared in SSLeay 0.9.1 and have been available since
.Ox 2.6 .
.Pp
.Fn EVP_CIPHER_CTX_set_key_length ,
.Fn EVP_CIPHER_CTX_ctrl ,
.Fn EVP_CIPHER_flags ,
.Fn EVP_CIPHER_mode ,
.Fn EVP_CIPHER_CTX_flags ,
and
.Fn EVP_CIPHER_CTX_mode
first appeared in OpenSSL 0.9.6 and have been available since
.Ox 2.9 .
.Pp
.Fn EVP_EncryptInit_ex ,
.Fn EVP_EncryptFinal_ex ,
.Fn EVP_DecryptInit_ex ,
.Fn EVP_DecryptFinal_ex ,
.Fn EVP_CipherInit_ex ,
.Fn EVP_CipherFinal_ex ,
and
.Fn EVP_CIPHER_CTX_set_padding
.Fn EVP_CipherFinal_ex
first appeared in OpenSSL 0.9.7 and have been available since
.Ox 3.2 .
.Pp
@ -1414,13 +1004,10 @@ and
first appeared in OpenSSL 0.9.7e and have been available since
.Ox 3.8 .
.Pp
.Fn EVP_CIPHER_CTX_rand_key
first appeared in OpenSSL 0.9.8.
.Fn EVP_CIPHER_CTX_new
and
.Fn EVP_CIPHER_CTX_free
first appeared in OpenSSL 0.9.8b.
These functions have been available since
first appeared in OpenSSL 0.9.8b and have been available since
.Ox 4.5 .
.Pp
.Fn EVP_CIPHER_CTX_copy
@ -1435,27 +1022,7 @@ first appeared in OpenSSL 1.1.0 and has been available since
.Fn EVP_CIPHER_CTX_encrypting
first appeared in OpenSSL 1.1.0 and has been available since
.Ox 6.4 .
.Pp
.Fn EVP_CIPHER_CTX_get_iv
and
.Fn EVP_CIPHER_CTX_set_iv
first appeared in LibreSSL 2.8.1 and have been available since
.Ox 6.4 .
.Sh BUGS
.Dv EVP_MAX_KEY_LENGTH
and
.Dv EVP_MAX_IV_LENGTH
only refer to the internal ciphers with default key lengths.
If custom ciphers exceed these values, the results are unpredictable.
This is because it has become standard practice to define a generic key
as a fixed unsigned char array containing
.Dv EVP_MAX_KEY_LENGTH
bytes.
.Pp
The ASN.1 code is incomplete (and sometimes inaccurate).
It has only been tested for certain common S/MIME ciphers
(RC2, DES, triple DES) in CBC mode.
.Pp
.Fn EVP_CIPHER_CTX_copy
may already have cleared the data in
.Fa out

5
lib/libcrypto/man/Makefile
View file

@ -1,4 +1,4 @@
# $OpenBSD: Makefile,v 1.265 2023/08/30 00:58:57 tb Exp $
# $OpenBSD: Makefile,v 1.266 2023/08/31 17:27:41 schwarze Exp $
.include <bsd.own.mk>
@ -164,9 +164,12 @@ MAN= \
ESS_SIGNING_CERT_new.3 \
EVP_AEAD_CTX_init.3 \
EVP_BytesToKey.3 \
EVP_CIPHER_CTX_ctrl.3 \
EVP_CIPHER_CTX_get_cipher_data.3 \
EVP_CIPHER_CTX_set_flags.3 \
EVP_CIPHER_do_all.3 \
EVP_CIPHER_meth_new.3 \
EVP_CIPHER_nid.3 \
EVP_DigestInit.3 \
EVP_DigestSignInit.3 \
EVP_DigestVerifyInit.3 \

7
lib/libcrypto/man/evp.3
View file

@ -1,4 +1,4 @@
.\" $OpenBSD: evp.3,v 1.21 2023/08/30 00:58:57 tb Exp $
.\" $OpenBSD: evp.3,v 1.22 2023/08/31 17:27:41 schwarze Exp $
.\" full merge up to: OpenSSL man7/evp 24a535ea Sep 22 13:14:20 2020 +0100
.\"
.\" This file was written by Ulf Moeller <ulf@openssl.org>,
@ -51,7 +51,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: August 30 2023 $
.Dd $Mdocdate: August 31 2023 $
.Dt EVP 3
.Os
.Sh NAME
@ -199,9 +199,12 @@ operations are more efficient using the high-level interfaces.
.Xr EVP_BytesToKey 3 ,
.Xr EVP_camellia_128_cbc 3 ,
.Xr EVP_chacha20 3 ,
.Xr EVP_CIPHER_CTX_ctrl 3 ,
.Xr EVP_CIPHER_CTX_get_cipher_data 3 ,
.Xr EVP_CIPHER_CTX_set_flags 3 ,
.Xr EVP_CIPHER_do_all 3 ,
.Xr EVP_CIPHER_meth_new 3 ,
.Xr EVP_CIPHER_nid 3 ,
.Xr EVP_des_cbc 3 ,
.Xr EVP_DigestInit 3 ,
.Xr EVP_DigestSignInit 3 ,

24
regress/sbin/bioctl/Makefile
View file

@ -1,4 +1,4 @@
# $OpenBSD: Makefile,v 1.7 2023/08/30 16:45:57 kn Exp $
# $OpenBSD: Makefile,v 1.9 2023/08/30 17:40:08 kn Exp $
BIOCTL ?= /sbin/bioctl
@ -6,21 +6,27 @@ CHUNKFILE = disk.img
CHUNKDEVFILE = chunk.txt
VOLDEVFILE = vol.txt
ROUNDSFILE = rounds.txt
PASSFILE = passphrase.txt
OLDPW = oldsecret
NEWPW = securenew
NROUNDS ?= 17
REGRESS_SETUP_ONCE = create-chunk
REGRESS_SETUP_ONCE = create-chunk create-passfile
create-chunk:
dd if=/dev/zero of=${CHUNKFILE} bs=512k count=0 seek=1 status=none
${SUDO} vnconfig -- ${CHUNKFILE} 1>${CHUNKDEVFILE}
echo 'RAID *' | ${SUDO} disklabel -wAT- -- "$$(<${CHUNKDEVFILE})"
create-passfile:
${SUDO} install -o root -m u=rw,go= /dev/null ${PASSFILE}
printf '%s\n' '${OLDPW}' | ${SUDO} tee ${PASSFILE} 1>/dev/null
SUCCESS_TESTS = scripted-create-volume \
scripted-recreate-volume \
reopen-volume-with-passfile \
scripted-change-passphrase \
verify-increased-rounds
REGRESS_TARGETS = ${SUCCESS_TESTS}
@ -36,6 +42,10 @@ scripted-recreate-volume: detach-volume
${SUDO} ${BIOCTL} -s -Cforce -r${NROUNDS} -cC -l"$$(<${CHUNKDEVFILE})a" -- softraid0 | \
grep -o 'sd[0-9]*$$' -- 1>${VOLDEVFILE}
reopen-volume-with-passfile: detach-volume
${SUDO} ${BIOCTL} -p${PASSFILE} -cC -l"$$(<${CHUNKDEVFILE})a" -- softraid0 | \
grep -o 'sd[0-9]*$$' -- 1>${VOLDEVFILE}
scripted-change-passphrase:
printf '%s\n%s\n' '${OLDPW}' '${NEWPW}' | \
${SUDO} ${BIOCTL} -s -P -v -- "$$(<${VOLDEVFILE})" | \
@ -49,6 +59,8 @@ verify-increased-rounds:
FAILURE_TESTS = reuse-active-chunk \
use-public-passfile \
use-foreign-passfile \
set-empty-passphrase
REGRESS_EXPECTED_FAILURES += ${FAILURE_TESTS}
REGRESS_TARGETS += ${FAILURE_TESTS}
@ -57,6 +69,14 @@ REGRESS_ROOT_TARGETS += ${FAILURE_TESTS}
reuse-active-chunk:
${SUDO} ${BIOCTL} -cC -l"$$(<${CHUNKDEVFILE})a" -- softraid0
use-public-passfile:
${SUDO} chmod a=rwx ${PASSFILE}
${SUDO} ${BIOCTL} -p${PASSFILE} -P -- "$$(<${VOLDEVFILE})"
use-foreign-passfile:
${SUDO} chown build ${PASSFILE}
${SUDO} ${BIOCTL} -p${PASSFILE} -P -- "$$(<${VOLDEVFILE})"
set-empty-passphrase:
printf '\n' | ${SUDO} ${BIOCTL} -s -P -- "$$(<${VOLDEVFILE})"

41
sys/dev/fdt/if_dwqe_fdt.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: if_dwqe_fdt.c,v 1.14 2023/07/08 08:18:30 kettenis Exp $ */
/* $OpenBSD: if_dwqe_fdt.c,v 1.15 2023/08/30 19:08:48 kettenis Exp $ */
/*
* Copyright (c) 2008, 2019 Mark Kettenis <kettenis@openbsd.org>
* Copyright (c) 2017, 2022 Patrick Wildt <patrick@blueri.se>
@ -64,6 +64,7 @@
int dwqe_fdt_match(struct device *, void *, void *);
void dwqe_fdt_attach(struct device *, struct device *, void *);
void dwqe_setup_jh7110(struct dwqe_softc *);
void dwqe_mii_statchg_jh7110(struct device *);
void dwqe_setup_rk3568(struct dwqe_softc *);
void dwqe_mii_statchg_rk3568(struct device *);
void dwqe_mii_statchg_rk3588(struct device *);
@ -238,7 +239,10 @@ dwqe_fdt_attach(struct device *parent, struct device *self, void *aux)
if (dwqe_attach(sc) != 0)
return;
if (OF_is_compatible(faa->fa_node, "rockchip,rk3568-gmac"))
if (OF_is_compatible(faa->fa_node, "starfive,jh7110-dwmac") &&
!OF_getpropbool(faa->fa_node, "starfive,tx-use-rgmii-clk"))
sc->sc_mii.mii_statchg = dwqe_mii_statchg_jh7110;
else if (OF_is_compatible(faa->fa_node, "rockchip,rk3568-gmac"))
sc->sc_mii.mii_statchg = dwqe_mii_statchg_rk3568;
else if (OF_is_compatible(faa->fa_node, "rockchip,rk3588-gmac"))
sc->sc_mii.mii_statchg = dwqe_mii_statchg_rk3588;
@ -318,6 +322,7 @@ dwqe_reset_phy(struct dwqe_softc *sc, uint32_t phy)
#define RK3568_GMAC_TXCLK_DLY_SET(_v) ((1 << 0) << 16 | ((_v) << 0))
#define RK3568_GMAC_RXCLK_DLY_SET(_v) ((1 << 1) << 16 | ((_v) << 1))
void dwqe_mii_statchg_jh7110_task(void *);
void dwqe_mii_statchg_rk3568_task(void *);
void
@ -360,6 +365,38 @@ dwqe_setup_jh7110(struct dwqe_softc *sc)
reg &= ~(((1U << 3) - 1) << shift);
reg |= iface << shift;
regmap_write_4(rm, offset, reg);
task_set(&sc->sc_statchg_task,
dwqe_mii_statchg_jh7110_task, sc);
}
void
dwqe_mii_statchg_jh7110_task(void *arg)
{
struct dwqe_softc *sc = arg;
struct ifnet *ifp = &sc->sc_ac.ac_if;
dwqe_mii_statchg(&sc->sc_dev);
switch (ifp->if_baudrate) {
case IF_Mbps(10):
clock_set_frequency(sc->sc_node, "tx", 2500000);
break;
case IF_Mbps(100):
clock_set_frequency(sc->sc_node, "tx", 25000000);
break;
case IF_Mbps(1000):
clock_set_frequency(sc->sc_node, "tx", 125000000);
break;
}
}
void
dwqe_mii_statchg_jh7110(struct device *self)
{
struct dwqe_softc *sc = (void *)self;
task_add(systq, &sc->sc_statchg_task);
}
void

11
sys/dev/pci/drm/drm_aperture.c
View file

@ -32,17 +32,13 @@
*
* static int remove_conflicting_framebuffers(struct pci_dev *pdev)
* {
* bool primary = false;
* resource_size_t base, size;
* int ret;
*
* base = pci_resource_start(pdev, 0);
* size = pci_resource_len(pdev, 0);
* #ifdef CONFIG_X86
* primary = pdev->resource[PCI_ROM_RESOURCE].flags & IORESOURCE_ROM_SHADOW;
* #endif
*
* return drm_aperture_remove_conflicting_framebuffers(base, size, primary,
* return drm_aperture_remove_conflicting_framebuffers(base, size,
* &example_driver);
* }
*
@ -165,7 +161,6 @@ EXPORT_SYMBOL(devm_aperture_acquire_from_firmware);
* drm_aperture_remove_conflicting_framebuffers - remove existing framebuffers in the given range
* @base: the aperture's base address in physical memory
* @size: aperture size in bytes
* @primary: also kick vga16fb if present
* @req_driver: requesting DRM driver
*
* This function removes graphics device drivers which use the memory range described by
@ -175,9 +170,9 @@ EXPORT_SYMBOL(devm_aperture_acquire_from_firmware);
* 0 on success, or a negative errno code otherwise
*/
int drm_aperture_remove_conflicting_framebuffers(resource_size_t base, resource_size_t size,
bool primary, const struct drm_driver *req_driver)
const struct drm_driver *req_driver)
{
return aperture_remove_conflicting_devices(base, size, primary, req_driver->name);
return aperture_remove_conflicting_devices(base, size, false, req_driver->name);
}
EXPORT_SYMBOL(drm_aperture_remove_conflicting_framebuffers);

95
sys/dev/pci/drm/i915/gt/gen8_engine_cs.c
View file

@ -165,14 +165,60 @@ static u32 preparser_disable(bool state)
return MI_ARB_CHECK | 1 << 8 | state;
}
u32 *gen12_emit_aux_table_inv(struct intel_gt *gt, u32 *cs, const i915_reg_t inv_reg)
static i915_reg_t gen12_get_aux_inv_reg(struct intel_engine_cs *engine)
{
u32 gsi_offset = gt->uncore->gsi_offset;
switch (engine->id) {
case RCS0:
return GEN12_CCS_AUX_INV;
case BCS0:
return GEN12_BCS0_AUX_INV;
case VCS0:
return GEN12_VD0_AUX_INV;
case VCS2:
return GEN12_VD2_AUX_INV;
case VECS0:
return GEN12_VE0_AUX_INV;
case CCS0:
return GEN12_CCS0_AUX_INV;
default:
return INVALID_MMIO_REG;
}
}
static bool gen12_needs_ccs_aux_inv(struct intel_engine_cs *engine)
{
i915_reg_t reg = gen12_get_aux_inv_reg(engine);
if (IS_PONTEVECCHIO(engine->i915))
return false;
/*
* So far platforms supported by i915 having flat ccs do not require
* AUX invalidation. Check also whether the engine requires it.
*/
return i915_mmio_reg_valid(reg) && !HAS_FLAT_CCS(engine->i915);
}
u32 *gen12_emit_aux_table_inv(struct intel_engine_cs *engine, u32 *cs)
{
i915_reg_t inv_reg = gen12_get_aux_inv_reg(engine);
u32 gsi_offset = engine->gt->uncore->gsi_offset;
if (!gen12_needs_ccs_aux_inv(engine))
return cs;
*cs++ = MI_LOAD_REGISTER_IMM(1) | MI_LRI_MMIO_REMAP_EN;
*cs++ = i915_mmio_reg_offset(inv_reg) + gsi_offset;
*cs++ = AUX_INV;
*cs++ = MI_NOOP;
*cs++ = MI_SEMAPHORE_WAIT_TOKEN |
MI_SEMAPHORE_REGISTER_POLL |
MI_SEMAPHORE_POLL |
MI_SEMAPHORE_SAD_EQ_SDD;
*cs++ = 0;
*cs++ = i915_mmio_reg_offset(inv_reg) + gsi_offset;
*cs++ = 0;
*cs++ = 0;
return cs;
}
@ -181,7 +227,11 @@ int gen12_emit_flush_rcs(struct i915_request *rq, u32 mode)
{
struct intel_engine_cs *engine = rq->engine;
if (mode & EMIT_FLUSH) {
/*
* On Aux CCS platforms the invalidation of the Aux
* table requires quiescing memory traffic beforehand
*/
if (mode & EMIT_FLUSH || gen12_needs_ccs_aux_inv(engine)) {
u32 flags = 0;
u32 *cs;
@ -236,10 +286,9 @@ int gen12_emit_flush_rcs(struct i915_request *rq, u32 mode)
else if (engine->class == COMPUTE_CLASS)
flags &= ~PIPE_CONTROL_3D_ENGINE_FLAGS;
if (!HAS_FLAT_CCS(rq->engine->i915))
count = 8 + 4;
else
count = 8;
count = 8;
if (gen12_needs_ccs_aux_inv(rq->engine))
count += 8;
cs = intel_ring_begin(rq, count);
if (IS_ERR(cs))
@ -254,11 +303,7 @@ int gen12_emit_flush_rcs(struct i915_request *rq, u32 mode)
cs = gen8_emit_pipe_control(cs, flags, LRC_PPHWSP_SCRATCH_ADDR);
if (!HAS_FLAT_CCS(rq->engine->i915)) {
/* hsdes: 1809175790 */
cs = gen12_emit_aux_table_inv(rq->engine->gt, cs,
GEN12_CCS_AUX_INV);
}
cs = gen12_emit_aux_table_inv(engine, cs);
*cs++ = preparser_disable(false);
intel_ring_advance(rq, cs);
@ -269,21 +314,14 @@ int gen12_emit_flush_rcs(struct i915_request *rq, u32 mode)
int gen12_emit_flush_xcs(struct i915_request *rq, u32 mode)
{
intel_engine_mask_t aux_inv = 0;
u32 cmd, *cs;
u32 cmd = 4;
u32 *cs;
cmd = 4;
if (mode & EMIT_INVALIDATE) {
cmd += 2;
if (!HAS_FLAT_CCS(rq->engine->i915) &&
(rq->engine->class == VIDEO_DECODE_CLASS ||
rq->engine->class == VIDEO_ENHANCEMENT_CLASS)) {
aux_inv = rq->engine->mask &
~GENMASK(_BCS(I915_MAX_BCS - 1), BCS0);
if (aux_inv)
cmd += 4;
}
if (gen12_needs_ccs_aux_inv(rq->engine))
cmd += 8;
}
cs = intel_ring_begin(rq, cmd);
@ -314,14 +352,7 @@ int gen12_emit_flush_xcs(struct i915_request *rq, u32 mode)
*cs++ = 0; /* upper addr */
*cs++ = 0; /* value */
if (aux_inv) { /* hsdes: 1809175790 */
if (rq->engine->class == VIDEO_DECODE_CLASS)
cs = gen12_emit_aux_table_inv(rq->engine->gt,
cs, GEN12_VD0_AUX_INV);
else
cs = gen12_emit_aux_table_inv(rq->engine->gt,
cs, GEN12_VE0_AUX_INV);
}
cs = gen12_emit_aux_table_inv(rq->engine, cs);
if (mode & EMIT_INVALIDATE)
*cs++ = preparser_disable(false);

3
sys/dev/pci/drm/i915/gt/gen8_engine_cs.h
View file

@ -13,6 +13,7 @@
#include "intel_gt_regs.h"
#include "intel_gpu_commands.h"
struct intel_engine_cs;
struct intel_gt;
struct i915_request;
@ -46,7 +47,7 @@ u32 *gen8_emit_fini_breadcrumb_rcs(struct i915_request *rq, u32 *cs);
u32 *gen11_emit_fini_breadcrumb_rcs(struct i915_request *rq, u32 *cs);
u32 *gen12_emit_fini_breadcrumb_rcs(struct i915_request *rq, u32 *cs);
u32 *gen12_emit_aux_table_inv(struct intel_gt *gt, u32 *cs, const i915_reg_t inv_reg);
u32 *gen12_emit_aux_table_inv(struct intel_engine_cs *engine, u32 *cs);
static inline u32 *
__gen8_emit_pipe_control(u32 *batch, u32 flags0, u32 flags1, u32 offset)

1
sys/dev/pci/drm/i915/gt/intel_gpu_commands.h
View file

@ -120,6 +120,7 @@
#define MI_SEMAPHORE_TARGET(engine) ((engine)<<15)
#define MI_SEMAPHORE_WAIT MI_INSTR(0x1c, 2) /* GEN8+ */
#define MI_SEMAPHORE_WAIT_TOKEN MI_INSTR(0x1c, 3) /* GEN12+ */
#define MI_SEMAPHORE_REGISTER_POLL (1 << 16)
#define MI_SEMAPHORE_POLL (1 << 15)
#define MI_SEMAPHORE_SAD_GT_SDD (0 << 12)
#define MI_SEMAPHORE_SAD_GTE_SDD (1 << 12)

17
sys/dev/pci/drm/i915/gt/intel_lrc.c
View file

@ -1301,10 +1301,7 @@ gen12_emit_indirect_ctx_rcs(const struct intel_context *ce, u32 *cs)
IS_DG2_G11(ce->engine->i915))
cs = gen8_emit_pipe_control(cs, PIPE_CONTROL_INSTRUCTION_CACHE_INVALIDATE, 0);
/* hsdes: 1809175790 */
if (!HAS_FLAT_CCS(ce->engine->i915))
cs = gen12_emit_aux_table_inv(ce->engine->gt,
cs, GEN12_CCS_AUX_INV);
cs = gen12_emit_aux_table_inv(ce->engine, cs);
/* Wa_16014892111 */
if (IS_DG2(ce->engine->i915))
@ -1327,17 +1324,7 @@ gen12_emit_indirect_ctx_xcs(const struct intel_context *ce, u32 *cs)
PIPE_CONTROL_INSTRUCTION_CACHE_INVALIDATE,
0);
/* hsdes: 1809175790 */
if (!HAS_FLAT_CCS(ce->engine->i915)) {
if (ce->engine->class == VIDEO_DECODE_CLASS)
cs = gen12_emit_aux_table_inv(ce->engine->gt,
cs, GEN12_VD0_AUX_INV);
else if (ce->engine->class == VIDEO_ENHANCEMENT_CLASS)
cs = gen12_emit_aux_table_inv(ce->engine->gt,
cs, GEN12_VE0_AUX_INV);
}
return cs;
return gen12_emit_aux_table_inv(ce->engine, cs);
}
static void

35
sys/dev/pci/drm/i915/i915_driver.c
View file

@ -603,7 +603,6 @@ static int i915_pcode_init(struct drm_i915_private *i915)
static int i915_driver_hw_probe(struct drm_i915_private *dev_priv)
{
struct pci_dev *pdev = dev_priv->drm.pdev;
struct pci_dev *root_pdev;
int ret;
if (i915_inject_probe_failure(dev_priv))
@ -715,17 +714,6 @@ static int i915_driver_hw_probe(struct drm_i915_private *dev_priv)
intel_bw_init_hw(dev_priv);
/*
* FIXME: Temporary hammer to avoid freezing the machine on our DGFX
* This should be totally removed when we handle the pci states properly
* on runtime PM and on s2idle cases.
*/
#ifdef notyet
root_pdev = pcie_find_root_port(pdev);
if (root_pdev)
pci_d3cold_disable(root_pdev);
#endif
return 0;
err_msi:
@ -751,16 +739,11 @@ static void i915_driver_hw_remove(struct drm_i915_private *dev_priv)
STUB();
#ifdef notyet
struct pci_dev *pdev = dev_priv->drm.pdev;
struct pci_dev *root_pdev;
i915_perf_fini(dev_priv);
if (pdev->msi_enabled)
pci_disable_msi(pdev);
root_pdev = pcie_find_root_port(pdev);
if (root_pdev)
pci_d3cold_enable(root_pdev);
#endif
}
@ -1785,6 +1768,8 @@ static int intel_runtime_suspend(struct device *kdev)
{
struct drm_i915_private *dev_priv = kdev_to_i915(kdev);
struct intel_runtime_pm *rpm = &dev_priv->runtime_pm;
struct pci_dev *pdev = to_pci_dev(dev_priv->drm.dev);
struct pci_dev *root_pdev;
struct intel_gt *gt;
int ret, i;
@ -1834,6 +1819,15 @@ static int intel_runtime_suspend(struct device *kdev)
drm_err(&dev_priv->drm,
"Unclaimed access detected prior to suspending\n");
/*
* FIXME: Temporary hammer to avoid freezing the machine on our DGFX
* This should be totally removed when we handle the pci states properly
* on runtime PM.
*/
root_pdev = pcie_find_root_port(pdev);
if (root_pdev)
pci_d3cold_disable(root_pdev);
rpm->suspended = true;
/*
@ -1872,6 +1866,8 @@ static int intel_runtime_resume(struct device *kdev)
{
struct drm_i915_private *dev_priv = kdev_to_i915(kdev);
struct intel_runtime_pm *rpm = &dev_priv->runtime_pm;
struct pci_dev *pdev = to_pci_dev(dev_priv->drm.dev);
struct pci_dev *root_pdev;
struct intel_gt *gt;
int ret, i;
@ -1885,6 +1881,11 @@ static int intel_runtime_resume(struct device *kdev)
intel_opregion_notify_adapter(dev_priv, PCI_D0);
rpm->suspended = false;
root_pdev = pcie_find_root_port(pdev);
if (root_pdev)
pci_d3cold_enable(root_pdev);
if (intel_uncore_unclaimed_mmio(&dev_priv->uncore))
drm_dbg(&dev_priv->drm,
"Unclaimed access during suspend, bios?\n");

2
sys/dev/pci/drm/include/drm/display/drm_dp.h
View file

@ -1525,7 +1525,7 @@ enum drm_dp_phy {
#define DP_BRANCH_OUI_HEADER_SIZE 0xc
#define DP_RECEIVER_CAP_SIZE 0xf
#define DP_DSC_RECEIVER_CAP_SIZE 0xf
#define DP_DSC_RECEIVER_CAP_SIZE 0x10 /* DSC Capabilities 0x60 through 0x6F */
#define EDP_PSR_RECEIVER_CAP_SIZE 2
#define EDP_DISPLAY_CTL_CAP_SIZE 3
#define DP_LTTPR_COMMON_CAP_SIZE 8

7
sys/dev/pci/drm/include/drm/drm_aperture.h
View file

@ -13,14 +13,13 @@ int devm_aperture_acquire_from_firmware(struct drm_device *dev, resource_size_t
resource_size_t size);
int drm_aperture_remove_conflicting_framebuffers(resource_size_t base, resource_size_t size,
bool primary, const struct drm_driver *req_driver);
const struct drm_driver *req_driver);
int drm_aperture_remove_conflicting_pci_framebuffers(struct pci_dev *pdev,
const struct drm_driver *req_driver);
/**
* drm_aperture_remove_framebuffers - remove all existing framebuffers
* @primary: also kick vga16fb if present
* @req_driver: requesting DRM driver
*
* This function removes all graphics device drivers. Use this function on systems
@ -30,9 +29,9 @@ int drm_aperture_remove_conflicting_pci_framebuffers(struct pci_dev *pdev,
* 0 on success, or a negative errno code otherwise
*/
static inline int
drm_aperture_remove_framebuffers(bool primary, const struct drm_driver *req_driver)
drm_aperture_remove_framebuffers(const struct drm_driver *req_driver)
{
return drm_aperture_remove_conflicting_framebuffers(0, (resource_size_t)-1, primary,
return drm_aperture_remove_conflicting_framebuffers(0, (resource_size_t)-1,
req_driver);
}

96
usr.bin/make/cmd_exec.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: cmd_exec.c,v 1.11 2020/01/16 16:07:18 espie Exp $ */
/* $OpenBSD: cmd_exec.c,v 1.12 2023/08/31 06:53:28 espie Exp $ */
/*
* Copyright (c) 2001 Marc Espie.
*
@ -28,6 +28,7 @@
#include <sys/wait.h>
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include "config.h"
#include "defines.h"
@ -36,11 +37,93 @@
#include "memory.h"
#include "pathnames.h"
#include "job.h"
#include "str.h"
/* The following array is used to make a fast determination of which
* characters are interpreted specially by the shell. If a command
* contains any of these characters, it is executed by the shell, not
* directly by us. */
static char meta[256];
void
CmdExec_Init(void)
{
char *p;
for (p = "#=|^(){};&<>*?[]:$`\\\n~"; *p != '\0'; p++)
meta[(unsigned char) *p] = 1;
/* The null character serves as a sentinel in the string. */
meta[0] = 1;
}
static char **
recheck_command_for_shell(char **av)
{
char *runsh[] = {
"!", "alias", "cd", "eval", "exit", "read", "set", "ulimit",
"unalias", "unset", "wait", "umask", NULL
};
char **p;
/* optimization: if exec cmd, we avoid the intermediate shell */
if (strcmp(av[0], "exec") == 0)
av++;
if (!av[0])
return NULL;
for (p = runsh; *p; p++)
if (strcmp(av[0], *p) == 0)
return NULL;
return av;
}
void
run_command(const char *cmd, bool errCheck)
{
const char *p;
char *shargv[4];
char **todo;
shargv[0] = _PATH_BSHELL;
shargv[1] = errCheck ? "-ec" : "-c";
shargv[2] = (char *)cmd;
shargv[3] = NULL;
todo = shargv;
/* Search for meta characters in the command. If there are no meta
* characters, there's no need to execute a shell to execute the
* command. */
for (p = cmd; !meta[(unsigned char)*p]; p++)
continue;
if (*p == '\0') {
char *bp;
char **av;
int argc;
/* No meta-characters, so probably no need to exec a shell.
* Break the command into words to form an argument vector
* we can execute. */
av = brk_string(cmd, &argc, &bp);
av = recheck_command_for_shell(av);
if (av != NULL)
todo = av;
}
execvp(todo[0], todo);
if (errno == ENOENT)
fprintf(stderr, "%s: not found\n", todo[0]);
else
perror(todo[0]);
_exit(1);
}
char *
Cmd_Exec(const char *cmd, char **err)
{
char *args[4]; /* Args for invoking the shell */
int fds[2]; /* Pipe streams */
pid_t cpid; /* Child PID */
char *result; /* Result */
@ -53,12 +136,6 @@ Cmd_Exec(const char *cmd, char **err)
*err = NULL;
/* Set up arguments for the shell. */
args[0] = "sh";
args[1] = "-c";
args[2] = (char *)cmd;
args[3] = NULL;
/* Open a pipe for retrieving shell's output. */
if (pipe(fds) == -1) {
*err = "Couldn't create pipe for \"%s\"";
@ -82,8 +159,7 @@ Cmd_Exec(const char *cmd, char **err)
(void)close(fds[1]);
}
(void)execv(_PATH_BSHELL, args);
_exit(1);
run_command(cmd, false);
/*NOTREACHED*/
case -1:

4
usr.bin/make/cmd_exec.h
View file

@ -1,6 +1,6 @@
#ifndef CMD_EXEC_H
#define CMD_EXEC_H
/* $OpenBSD: cmd_exec.h,v 1.4 2010/07/19 19:46:43 espie Exp $ */
/* $OpenBSD: cmd_exec.h,v 1.5 2023/08/31 06:53:28 espie Exp $ */
/*
* Copyright (c) 2001 Marc Espie.
@ -34,4 +34,6 @@
* The output result should always be freed by the caller. */
extern char *Cmd_Exec(const char *, char **);
extern void CmdExec_Init(void);
extern __dead void run_command(const char *, bool);
#endif

101
usr.bin/make/engine.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: engine.c,v 1.71 2023/05/30 04:42:21 espie Exp $ */
/* $OpenBSD: engine.c,v 1.72 2023/08/31 06:53:28 espie Exp $ */
/*
* Copyright (c) 2012 Marc Espie.
*
@ -75,6 +75,7 @@
#include <unistd.h>
#include "config.h"
#include "defines.h"
#include "cmd_exec.h"
#include "dir.h"
#include "engine.h"
#include "arch.h"
@ -88,7 +89,6 @@
#include "make.h"
#include "pathnames.h"
#include "error.h"
#include "str.h"
#include "memory.h"
#include "buf.h"
#include "job.h"
@ -96,9 +96,6 @@
static void MakeTimeStamp(void *, void *);
static int rewrite_time(const char *);
static void setup_meta(void);
static void setup_engine(void);
static char **recheck_command_for_shell(char **);
static void list_parents(GNode *, FILE *);
/* XXX due to a bug in make's logic, targets looking like *.a or -l*
@ -508,88 +505,6 @@ Make_OODate(GNode *gn)
return oodate;
}
/* The following array is used to make a fast determination of which
* characters are interpreted specially by the shell. If a command
* contains any of these characters, it is executed by the shell, not
* directly by us. */
static char meta[256];
void
setup_meta(void)
{
char *p;
for (p = "#=|^(){};&<>*?[]:$`\\\n~"; *p != '\0'; p++)
meta[(unsigned char) *p] = 1;
/* The null character serves as a sentinel in the string. */
meta[0] = 1;
}
static char **
recheck_command_for_shell(char **av)
{
char *runsh[] = {
"!", "alias", "cd", "eval", "exit", "read", "set", "ulimit",
"unalias", "unset", "wait", "umask", NULL
};
char **p;
/* optimization: if exec cmd, we avoid the intermediate shell */
if (strcmp(av[0], "exec") == 0)
av++;
if (!av[0])
return NULL;
for (p = runsh; *p; p++)
if (strcmp(av[0], *p) == 0)
return NULL;
return av;
}
static void
run_command(const char *cmd, bool errCheck)
{
const char *p;
char *shargv[4];
char **todo;
shargv[0] = _PATH_BSHELL;
shargv[1] = errCheck ? "-ec" : "-c";
shargv[2] = (char *)cmd;
shargv[3] = NULL;
todo = shargv;
/* Search for meta characters in the command. If there are no meta
* characters, there's no need to execute a shell to execute the
* command. */
for (p = cmd; !meta[(unsigned char)*p]; p++)
continue;
if (*p == '\0') {
char *bp;
char **av;
int argc;
/* No meta-characters, so probably no need to exec a shell.
* Break the command into words to form an argument vector
* we can execute. */
av = brk_string(cmd, &argc, &bp);
av = recheck_command_for_shell(av);
if (av != NULL)
todo = av;
}
execvp(todo[0], todo);
if (errno == ENOENT)
fprintf(stderr, "%s: not found\n", todo[0]);
else
perror(todo[0]);
_exit(1);
}
void
job_attach_node(Job *job, GNode *node)
@ -696,17 +611,6 @@ run_gnode(GNode *gn)
}
static void
setup_engine(void)
{
static int already_setup = 0;
if (!already_setup) {
setup_meta();
already_setup = 1;
}
}
static bool
do_run_command(Job *job, const char *pre)
{
@ -799,7 +703,6 @@ job_run_next(Job *job)
bool started;
GNode *gn = job->node;
setup_engine();
while (job->next_cmd != NULL) {
struct command *command = Lst_Datum(job->next_cmd);

4
usr.bin/make/init.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: init.c,v 1.8 2020/01/16 16:07:18 espie Exp $ */
/* $OpenBSD: init.c,v 1.9 2023/08/31 06:53:28 espie Exp $ */
/*
* Copyright (c) 2001 Marc Espie.
@ -37,11 +37,13 @@
#include "targ.h"
#include "suff.h"
#include "job.h"
#include "cmd_exec.h"
void
Init(void)
{
Sigset_Init();
CmdExec_Init();
Init_Timestamp();
Init_Stats();
Targ_Init();

322
usr.sbin/fw_update/fw_update.sh
View file

@ -1,7 +1,7 @@
#!/bin/ksh
# $OpenBSD: fw_update.sh,v 1.44 2022/12/12 02:30:51 afresh1 Exp $
# $OpenBSD: fw_update.sh,v 1.45 2023/08/31 18:19:21 afresh1 Exp $
#
# Copyright (c) 2021 Andrew Hewus Fresh <afresh1@openbsd.org>
# Copyright (c) 2021,2023 Andrew Hewus Fresh <afresh1@openbsd.org>
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
@ -40,18 +40,39 @@ DELETE=false
DOWNLOAD=true
INSTALL=true
LOCALSRC=
ENABLE_SPINNER=false
[ -t 1 ] && ENABLE_SPINNER=true
integer STATUS_FD=1
integer WARN_FD=2
FD_DIR=
unset FTPPID
unset LOCKPID
unset FWPKGTMP
REMOVE_LOCALSRC=false
status() { echo -n "$*" >&"$STATUS_FD"; }
warn() { echo "$*" >&"$WARN_FD"; }
cleanup() {
set +o errexit # ignore errors from killing ftp
if [ -d "$FD_DIR" ]; then
echo "" >&"$STATUS_FD"
exec 4>&-
[ -s "$FD_DIR/status" ] && cat "$FD_DIR/status"
[ -s "$FD_DIR/warn" ] && cat "$FD_DIR/warn" >&2
rm -rf "$FD_DIR"
fi
[ "${FTPPID:-}" ] && kill -TERM -"$FTPPID" 2>/dev/null
[ "${LOCKPID:-}" ] && kill -TERM -"$LOCKPID" 2>/dev/null
[ "${FWPKGTMP:-}" ] && rm -rf "$FWPKGTMP"
"$REMOVE_LOCALSRC" && rm -rf "$LOCALSRC"
[ -e "${CFILE}" ] && [ ! -s "$CFILE" ] && rm -f "$CFILE"
[ -e "$CFILE" ] && [ ! -s "$CFILE" ] && rm -f "$CFILE"
}
trap cleanup EXIT
@ -70,6 +91,20 @@ tmpdir() {
echo "$_dir"
}
spin() {
if ! "$ENABLE_SPINNER"; then
sleep 1
return 0
fi
{
for p in '/' '-' '\\' '|' '/' '-' '\\' '|'; do
echo -n "$p"'\010'
sleep 0.125
done
}>/dev/tty
}
fetch() {
local _src="${FWURL}/${1##*/}" _dst=$1 _user=_file _exit _error=''
@ -99,13 +134,13 @@ fetch() {
if [[ $_last -ne $5 ]]; then
_last=$5
SECONDS=0
sleep 1
spin
else
kill -INT -"$FTPPID" 2>/dev/null
_error=" (timed out)"
fi
else
sleep 1
spin
fi
done
@ -118,7 +153,7 @@ fetch() {
if [ "$_exit" -ne 0 ]; then
rm -f "$_dst"
echo "Cannot fetch $_src$_error" >&2
warn "Cannot fetch $_src$_error"
return 1
fi
@ -133,7 +168,7 @@ check_cfile() {
[ -s "$CFILE" ] || return 1
return 0
fi
if ! fetch_cfile "$@"; then
if ! fetch_cfile; then
echo -n > "$CFILE"
return 1
fi
@ -146,10 +181,10 @@ fetch_cfile() {
fetch "$CFILE" || return 1
set -o noclobber
! signify -qVep "$FWPUB_KEY" -x "$CFILE" -m "$CFILE" &&
echo "Signature check of SHA256.sig failed" >&2 &&
warn "Signature check of SHA256.sig failed" &&
rm -f "$CFILE" && return 1
elif [ ! -e "$CFILE" ]; then
echo "${0##*/}: $CFILE: No such file or directory" >&2
warn "${0##*/}: $CFILE: No such file or directory"
return 1
fi
@ -159,14 +194,25 @@ fetch_cfile() {
verify() {
check_cfile || return 1
# The installer sha256 lacks -C, do it by hand
if ! fgrep -qx "SHA256 (${1##*/}) = $( /bin/sha256 -qb "$1" )" "$CFILE"; then
((VERBOSE != 1)) && echo "Checksum test for ${1##*/} failed." >&2
if ! grep -Fqx "SHA256 (${1##*/}) = $( /bin/sha256 -qb "$1" )" "$CFILE"
then
((VERBOSE != 1)) && warn "Checksum test for ${1##*/} failed."
return 1
fi
return 0
}
# When verifying existing files that we are going to re-download
# if VERBOSE is 0, don't show the checksum failure of an existing file.
verify_existing() {
local _v=$VERBOSE
check_cfile || return 1
((_v == 0)) && "$DOWNLOAD" && _v=1
( VERBOSE=$_v verify "$@" )
}
firmware_in_dmesg() {
local IFS
local _d _m _dmesgtail _last='' _nl='
@ -187,7 +233,7 @@ firmware_in_dmesg() {
case $# in
1|2|3) [[ $_dmesgtail = *$1*([!$_nl])${2-}*([!$_nl])${3-}* ]] || continue;;
*) echo "${0##*/}: Bad pattern '${_m#$_nl}' in $FWPATTERNS" >&2; exit 1 ;;
*) warn "${0##*/}: Bad pattern '${_m#$_nl}' in $FWPATTERNS"; exit 1 ;;
esac
echo "$_d"
@ -329,7 +375,7 @@ delete_firmware() {
if [ ! -e "$_cwd/+CONTENTS" ] ||
! grep -Fxq '@option firmware' "$_cwd/+CONTENTS"; then
echo "${0##*/}: $_pkg does not appear to be firmware" >&2
warn "${0##*/}: $_pkg does not appear to be firmware"
return 2
fi
@ -389,17 +435,20 @@ do
p) LOCALSRC="$OPTARG" ;;
v) ((++VERBOSE)) ;;
:)
echo "${0##*/}: option requires an argument -- -$OPTARG" >&2
warn "${0##*/}: option requires an argument -- -$OPTARG"
usage
;;
?)
echo "${0##*/}: unknown option -- -$OPTARG" >&2
warn "${0##*/}: unknown option -- -$OPTARG"
usage
;;
esac
done
shift $((OPTIND - 1))
# Progress bars, not spinner When VERBOSE > 1
((VERBOSE > 1)) && ENABLE_SPINNER=false
if [ "$LOCALSRC" ]; then
if [[ $LOCALSRC = @(ftp|http?(s))://* ]]; then
FWURL="${LOCALSRC}"
@ -407,7 +456,7 @@ if [ "$LOCALSRC" ]; then
else
LOCALSRC="${LOCALSRC#file:}"
! [ -d "$LOCALSRC" ] &&
echo "The path must be a URL or an existing directory" >&2 &&
warn "The path must be a URL or an existing directory" &&
exit 1
fi
fi
@ -424,7 +473,7 @@ if [ "$OPT_F" ]; then
rm -f "$LOCALSRC/$CFILE-OLD"
else
mv "$LOCALSRC/$CFILE-OLD" "$LOCALSRC/$CFILE"
echo "Using existing $CFILE" >&2
warn "Using existing $CFILE"
fi
fi
elif [ "$LOCALSRC" ]; then
@ -432,14 +481,34 @@ elif [ "$LOCALSRC" ]; then
fi
if [ -x /usr/bin/id ] && [ "$(/usr/bin/id -u)" != 0 ]; then
echo "need root privileges" >&2
warn "need root privileges"
exit 1
fi
set -sA devices -- "$@"
# In the normal case, we output the status line piecemeal
# so we save warnings to output at the end to not disrupt
# the single line status.
# Actual errors from things like ftp will stil interrupt,
# but it's impossible to know if it's a message people need
# to see now or something that can wait.
# In the verbose case, we instead print out single lines
# or progress bars for each thing we are doing,
# so instead we save up the final status line for the end.
FD_DIR="$( tmpdir "${DESTDIR}/tmp/${0##*/}-fd" )"
if ((VERBOSE)); then
exec 4>"${FD_DIR}/status"
STATUS_FD=4
else
exec 4>"${FD_DIR}/warn"
WARN_FD=4
fi
status "${0##*/}:"
if "$DELETE"; then
[ "$OPT_F" ] && echo "Cannot use -F and -d" >&2 && usage
[ "$OPT_F" ] && warn "Cannot use -F and -d" && usage
lock_db
# Show the "Uninstall" message when just deleting not upgrading
@ -447,7 +516,7 @@ if "$DELETE"; then
set -A installed
if [ "${devices[*]:-}" ]; then
"$ALL" && echo "Cannot use -a and devices/files" >&2 && usage
"$ALL" && warn "Cannot use -a and devices/files" && usage
set -A installed -- $(
for d in "${devices[@]}"; do
@ -460,7 +529,7 @@ if "$DELETE"; then
if [ "${i[*]:-}" ]; then
echo "${i[@]}"
else
echo "No firmware found for '$d'" >&2
warn "No firmware found for '$d'"
fi
done
)
@ -468,20 +537,22 @@ if "$DELETE"; then
set -A installed -- $( installed_firmware '*' '-firmware-' '*' )
fi
deleted=''
status " delete "
comma=''
if [ "${installed:-}" ]; then
for fw in "${installed[@]}"; do
status "$comma$( firmware_devicename "$fw" )"
comma=,
if "$DRYRUN"; then
((VERBOSE)) && echo "Delete $fw"
else
delete_firmware "$fw" || continue
fi
deleted="$deleted,$( firmware_devicename "$fw" )"
done
fi
deleted="${deleted#,}"
echo "${0:##*/}: deleted ${deleted:-none}";
[ "$comma" ] || status none
exit
fi
@ -494,7 +565,7 @@ fi
CFILE="$LOCALSRC/$CFILE"
if [ "${devices[*]:-}" ]; then
"$ALL" && echo "Cannot use -a and devices/files" >&2 && usage
"$ALL" && warn "Cannot use -a and devices/files" && usage
else
((VERBOSE > 1)) && echo -n "Detect firmware ..."
set -sA devices -- $( detect_firmware )
@ -503,10 +574,11 @@ else
fi
added=''
updated=''
set -A add ''
set -A update ''
kept=''
unregister=''
if [ "${devices[*]:-}" ]; then
lock_db
for f in "${devices[@]}"; do
@ -519,44 +591,53 @@ if [ "${devices[*]:-}" ]; then
if "$INSTALL" && unregister_firmware "$d"; then
unregister="$unregister,$d"
else
echo "Unable to find firmware for $d" >&2
warn "Unable to find firmware for $d"
fi
continue
fi
f="$LOCALSRC/$f"
elif ! "$INSTALL" && ! grep -Fq "($f)" "$CFILE" ; then
echo "Cannot download local file $f" >&2
warn "Cannot download local file $f"
exit 1
else
# Don't verify files specified on the command-line
verify_existing=false
fi
set -A installed -- $( installed_firmware '' "$d-firmware-" '*' )
set -A installed
if "$INSTALL"; then
set -A installed -- \
$( installed_firmware '' "$d-firmware-" '*' )
if "$INSTALL" && [ "${installed[*]:-}" ]; then
for i in "${installed[@]}"; do
if [ "${f##*/}" = "$i.tgz" ]; then
((VERBOSE > 2)) && echo "Keep $i"
kept="$kept,$d"
continue 2
fi
done
if [ "${installed[*]:-}" ]; then
for i in "${installed[@]}"; do
if [ "${f##*/}" = "$i.tgz" ]; then
((VERBOSE > 2)) \
&& echo "Keep $i"
kept="$kept,$d"
continue 2
fi
done
fi
fi
pending_status=false
if "$verify_existing" && [ -e "$f" ]; then
pending_status=false
if ((VERBOSE == 1)); then
echo -n "Verify ${f##*/} ..."
pending_status=true
elif ((VERBOSE > 1)) && ! "$INSTALL"; then
echo "Keep/Verify ${f##*/}"
echo "Keep/Verify ${f##*/}"
fi
if "$DRYRUN" || verify "$f"; then
"$INSTALL" || kept="$kept,$d"
if "$DRYRUN" || verify_existing "$f"; then
"$pending_status" && echo " done."
if ! "$INSTALL"; then
kept="$kept,$d"
continue
fi
elif "$DOWNLOAD"; then
((VERBOSE == 1)) && echo " failed."
"$pending_status" && echo " failed."
((VERBOSE > 1)) && echo "Refetching $f"
rm -f "$f"
else
@ -565,67 +646,110 @@ if [ "${devices[*]:-}" ]; then
fi
fi
if [ -e "$f" ]; then
"$pending_status" && ! "$INSTALL" && echo " done."
elif "$DOWNLOAD"; then
if "$DRYRUN"; then
((VERBOSE)) && echo "Get/Verify ${f##*/}"
else
if ((VERBOSE == 1)); then
echo -n "Get/Verify ${f##*/} ..."
pending_status=true
fi
fetch "$f" &&
verify "$f" || {
"$pending_status" && echo " failed."
continue
}
"$pending_status" && ! "$INSTALL" && echo " done."
fi
"$INSTALL" || added="$added,$d"
elif "$INSTALL"; then
echo "Cannot install ${f##*/}, not found" >&2
continue
fi
"$INSTALL" || continue
update="Install"
if [ "${installed[*]:-}" ]; then
update="Update"
for i in "${installed[@]}"; do
"$DRYRUN" || delete_firmware "$i"
done
set -A update -- "${update[@]}" "$f"
else
set -A add -- "${add[@]}" "$f"
fi
if "$DRYRUN"; then
((VERBOSE)) && echo "$update $f"
else
if ((VERBOSE == 1)) && ! "$pending_status"; then
echo -n "Install ${f##*/} ..."
pending_status=true
fi
add_firmware "$f" "$update"
fi
f="${f##*/}"
f="${f%.tgz}"
if [ "$update" = Install ]; then
"$pending_status" && echo " installed."
added="$added,$d"
else
"$pending_status" && echo " updated."
updated="$updated,$d"
fi
done
fi
added="${added:#,}"
updated="${updated:#,}"
kept="${kept:#,}"
[ "${unregister:-}" ] && unregister="; unregistered ${unregister:#,}"
if "$INSTALL"; then
echo "${0##*/}: added ${added:-none}; updated ${updated:-none}; kept ${kept:-none}${unregister}"
status " add "
action=Install
else
echo "${0##*/}: downloaded ${added:-none}; kept ${kept:-none}${unregister}"
status " download "
action=Download
fi
comma=''
[ "${add[*]}" ] || status none
for f in "${add[@]}" _update_ "${update[@]}"; do
[ "$f" ] || continue
if [ "$f" = _update_ ]; then
comma=''
"$INSTALL" || continue
action=Update
status "; update "
[ "${update[*]}" ] || status none
continue
fi
d="$( firmware_devicename "$f" )"
status "$comma$d"
comma=,
pending_status=false
if [ -e "$f" ]; then
if "$DRYRUN"; then
((VERBOSE)) && echo "$action ${f##*/}"
else
if ((VERBOSE == 1)); then
echo -n "Install ${f##*/} ..."
pending_status=true
fi
fi
elif "$DOWNLOAD"; then
if "$DRYRUN"; then
((VERBOSE)) && echo "Get/Verify ${f##*/}"
else
if ((VERBOSE == 1)); then
echo -n "Get/Verify ${f##*/} ..."
pending_status=true
fi
fetch "$f" &&
verify "$f" || {
if "$pending_status"; then
echo " failed."
elif ! ((VERBOSE)); then
status "failed (${f##*/})"
fi
continue
}
fi
elif "$INSTALL"; then
warn "Cannot install ${f##*/}, not found"
continue
fi
if ! "$INSTALL"; then
"$pending_status" && echo " done."
continue
fi
if ! "$DRYRUN"; then
if [ "$action" = Update ]; then
for i in $( installed_firmware '' "$d-firmware-" '*' )
do
delete_firmware "$i" || {
if "$pending_status"; then
echo " failed."
elif ! ((VERBOSE)); then
status "failed ($i)"
fi
continue
}
done
fi
add_firmware "$f" "$action" || {
if "$pending_status"; then
echo " failed."
elif ! ((VERBOSE)); then
status "failed (${f##*/})"
fi
continue
}
fi
if "$pending_status"; then
if [ "$action" = Install ]; then
echo " installed."
else
echo " updated."
fi
fi
done
[ "$unregister" ] && status "; unregister ${unregister:#,}"
[ "$kept" ] && status "; keep ${kept:#,}"