Age | Commit message | Author |
|
|
U2F/FIDO keys are not supported for host authentication, so we need
a separate list for user keys.
feedback & ok markus@
|
|
Supports enrolling (generating) keys and signatures.
feedback & ok markus@
|
|
Key library support: including allocation, marshalling public/private
keys and certificates, signature validation.
feedback & ok markus@
|
|
agreed by deraadt
|
|
lease. Constrain by only looking at static routes, which are the only
kind dhclient will add. Correct by realizing direct /32 routes in the
lease look different when returned from the routing table.
Further correct route comparison by applying appropriate netmask to
both destination addresses before comparing them.
Fixes "arpresolve: ... route contains no arp information" issue
reported on bugs@.
Much problem analysis and fix testing by Lauri Tirkkonen. Thanks!
|
|
for RSA key generation to 512 bits. Document that minimum.
|
|
From OpenSSL 1.1.1d.
ok inoguchi@
|
|
From OpenSSL 1.1.1d.
ok inoguchi@
|
|
Makes code more robust and reduces differences with OpenSSL.
ok inoguchi@
|
|
exponent.
From OpenSSL 1.1.1d.
ok inoguchi@
|
|
unwind should now be able to work in networks with crappy middle boxes.
We also need to switch to the ASR resolver, not DHCP when we are behind
a captive portal. Some captive portals let through DNS queries with edns0
options but the "click here to accept the terms of service page" is not
resolvable with edns0.
|
|
libc asynchronous resolver directly with DHCP provided nameservers.
This is a last-ditch effort when we find ourselves behind a completely
broken middle-box.
Input & OK otto
OK benno
|
|
Assign and test, explicitly test against NULL and use calloc() rather than
malloc.
ok inoguchi@
|
|
ok inoguchi@
|
|
This helps a bit in situations where a single AP is used and background scans
are causing packet loss, as seen with Jesper Wellin's Broadcom-based AP and my
Android phone in hotspot mode. This is not a proper fix but our background scan
frequency against a single AP was much higher than needed anyway.
Tested by jan, job, benno, Tracey Emery, Jesper Wallin
|
|
ok claudio@
|
|
parser process. This way the parser never needs to read outside of the
cache directory which makes the unveil simpler. Additionally rsync_uri_parse
no longer needs to know about .tal files so there is now no chance to sneak
in a .tal file later on.
OK deraadt@
|
|
ok millert@
|
|
multiple of bs use conv=sync to zero pad the final record. Avoids
"vnd0: sloppy write from proc" messages when building arm releases.
tested by deraadt@
|
|
graceful reload. At the same time extend peer_dump() to force all updates
getting sent by adding every entry in the Adj-RIB-Out to the update tree
unless they are PREFIX_FLAG_DEAD or PREFIX_FLAG_STALE. The latter will be
removed during that stage since peer_dump() just did a full update of the
Adj-RIB-Out. Also fix prefix_withdraw to check the correct prefix flags
before removing a prefix from the update or withdraw tree.
OK benno@
|
|
From Hans de Goede
4d5307c099afc9ce5fe89e8acf9b3c65104d0e08 in linux 4.19.y/4.19.81
984d7a929ad68b7be9990fc9c5cfa5d5c9fc7942 in mainline linux
|
|
From Thomas Hellstrom
11377c3e997eca9c9ff562fc4fc7a41a455bddf6 in linux 4.19.y/4.19.81
941f2f72dbbe0cf8c2d6e0b180a8021a0ec477fa in mainline linux
|
|
From Kai-Heng Feng
33af2a8ee304ee2deb618eebb534b52ce166467f in linux 4.19.y/4.19.81
11bcf5f78905b90baae8fb01e16650664ed0cb00 in mainline linux
|
|
From Alex Deucher
0933b0db7fb239be01270b25bf73884870d8c1e6 in linux 4.19.y/4.19.81
8d13c187c42e110625d60094668a8f778c092879 in mainline linux
|
|
This is inside !(defined(__amd64__) || defined(__i386__)),
while the file is only used on those two architectures.
"Free commit! No strings attached! No hidden tricks!" from miod
|
|
Write the documentation from scratch.
|
|
and EVP_PKEY_CTX_*_ecdh_*(3); from Antoine Salon <asalon at vmware dot com>
via OpenSSL commit 87103969 Oct 1 14:11:57 2018 -0700
from the OpenSSL 1.1.1 branch, which is still under a free license
|
|
and EVP_PKEY_CTX_get1_id_len(3), but make it sound more like English text;
from Paul Yang via OpenSSL commit f922dac8 Sep 6 10:36:11 2018 +0800
from the OpenSSL 1.1.1 branch, which is still under a free license
|
|
from Stephen Henson via OpenSSL commit 146ca72c Feb 19 14:35:43 2015 +0000
|
|
non-cloned devices. Combine spec_close() and spec_close_clone() to avoid
code duplication.
OK mpi@
|
|
This syncs the RSA OAEP code with OpenSSL 1.1.1d, correctly handling OAEP
padding and providing various OAEP related controls.
ok inoguchi@ tb@
|
|
This handles controls with a message digest by name, looks up the message
digest and then proxies the control through with the EVP_MD *.
This is internal only for now and will be used in upcoming RSA related
changes.
Based on OpenSSL 1.1.1d.
ok inoguchi@ tb@
|
|
and now-unneeded save and restore of errno. ok deraadt@ markus@
|
|
actually inserts the missing prefix in the prefix tree. While for
regular updates to the Adj-RIB-Out this case is indeed not reachable
it is reachable when using 'export default-route'.
Problem reported and fix tested by Esa Kuusisto.
OK benno@
|
|
First by requeuing an element that is already on the list and second
by freeing a nexthop that is still on the list resulting in a use after
free. This should fix bgpd crashes seen by various people.
Problem report including backtrace from benno@
OK benno@
|