Build date: 1732402802 - Sat Nov 23 23:00:02 UTC 2024 Build cvs date: 1732397043 - Sat Nov 23 21:24:03 UTC 2024 Build id: 2024-11-24.1 Build tags: amd64-regress ports sysupgrade Applied the following diff(s): /home/anton/tmp/robsd/src-ptrace-xstate.diff /home/anton/tmp/robsd/src-sys-em.diff /home/anton/tmp/robsd/src-sys-newvers.diff /home/anton/tmp/robsd/src-sys-uhidev-sispm.diff /home/anton/tmp/robsd/src-sysupgrade.diff ? regress/sys/kern/ptrace/xstate P distrib/sets/lists/comp/md.riscv64 P lib/libcrypto/ec/ec_mult.c P lib/libcrypto/sha/sha3.c P sys/dev/fdt/rkpmic.c commit jTcqJEKFyZOSvSbN Author: kettenis Date: 2024/11/23 21:24:03 Implement power down if the PMIC is marked as the system power controller in the device tree. From Paul Fertser. sys/dev/fdt/rkpmic.c commit jaUzALyhipuiLUvX Author: deraadt Date: 2024/11/23 15:42:58 sync distrib/sets/lists/comp/md.riscv64 commit 3kHwB1BRm7Hbk8Un Author: jsing Date: 2024/11/23 15:38:12 Simplify endian handling in SHA-3. Rather than having blocks of code that are conditional on BYTE_ORDER != LITTLE_ENDIAN, use le64toh() and htole64() unconditionally. In the case of a little endian platform, the compiler will optimise this away, while on a big endian platform we'll either end up with better code or the same code than we have currently. ok tb@ lib/libcrypto/sha/sha3.c commit HuySzwjSiw6UcRV7 Author: tb Date: 2024/11/23 12:56:31 Further refactoring of the wNAF code The big change is that the "rows" are no longer slices of val[] but that they actually own the points they contain. The price for this is an extra allocation for val[] and to piece it together from the two rows. That's ugly, but less ugly than before. Add a helper for freeing a row of points. It can deal with a NULL row so, we can remove a couple of complications. The second change is that the logic for preparing the rows is pulled back into ec_wNAF_mul[]. This way the m * G + n * P logic is in the one function that needs to know about it, the rest just deals with a pair of a point and a scalar. This starts resembling actual code... ok jsing lib/libcrypto/ec/ec_mult.c commit E98FFSMnmLh1ZlVp Author: tb Date: 2024/11/23 07:37:21 Drop bn is zero special case This is a corner case that isn't really of interest. We're making a few calculations that don't really hurt, but it's super cheap, so one more complication bites the dust. ok jsing lib/libcrypto/ec/ec_mult.c commit 5Zf16oRvHHCveU0w Author: tb Date: 2024/11/23 07:33:26 Further simplify after dropping wNAF modification We can now turn the for loop into a proper for loop for which there is obviously no out of bounds access. The length can be determined up front and it's easier to explain what's going on, so expand a few comments. ok jsing lib/libcrypto/ec/ec_mult.c commit 88IogtfpK9B9EUXw Author: tb Date: 2024/11/23 07:28:57 Ditch the wNAF modification This is another micro optimization that introduces needless complications for the sake of saving a few cycles. Specifically, by ditching the rule defining the wNAF representation (at most one of w+1 consecutive digits is non-zero) for the topmost digits, one can sometimes save a few digits at the cost of crazy loop conditions and other weirdness. That's not worth it. ok jsing lib/libcrypto/ec/ec_mult.c