| Age | Commit message (Collapse) | Author |
|---|
|
prevent future diffs to be ugly.
ok bluhm@
|
|
|
|
output. The option wasn't documented in the manpage.
pointed out by jsing
|
|
Apparently, TLSv1_client_method() is used for historical reasons.
This behavior is no longer helpful if we want to know what ciphers
a TLS connection could use. This could change again after further
investigation of what the behavior should be...
ok beck jsing
|
|
breakage also noted by anton.
|
|
ok beck jsing
|
|
With this option, the command only shows the ciphers supported by the
SSL method.
ok beck jsing
|
|
|
|
|
|
|
|
Document it from scratch.
While here, merge a few details from the OpenSSL 1.1.1 branch, which
is still under a free license, into the documentation of DSA_size(3).
|
|
and X509_VERIFY_PARAM_set_auth_level(3). Document them.
For the latter, i included a few sentences from the OpenSSL 1.1.1
branch, which is still under a free license.
|
|
|
|
Or should we call it a centipede?
Feedback and OK on a previous version from jsing@
and from our chief myriapodologist, tb@.
|
|
Avoid undefined behaviour/integer overflow by casting an int64_t to
uint64_t before negating.
Fixes oss-fuzz #49043
ok tb@
|
|
EVP_PKEY_param_check(3), and EVP_PKEY_security_bits(3) from scratch.
Move the documentation of EVP_PKEY_size(3) and EVP_PKEY_bits(3)
to the new manual page EVP_PKEY_size(3).
Merge the documentation of the related function pointers
from the OpenSSL 1.1.1 branch, which is still under a free license.
OK tb@ on the new page EVP_PKEY_size(3).
|
|
ok jsing
|
|
tb@ recently added these functions to libcrypto
and also provided feedback on my first draft of this page.
|
|
We do not intend to make this a compile-time option.
Reminded by schwarze who asked about it
ok jsing
|
|
provided the new public function DH_check_pub_key(3) in <openssl/dh.h>.
Sorry for being a bit tardy in documenting the new function.
Then again, OpenSSL doesn't document it either, yet.
While here, drop a HISTORY entry about a constant that
was renamed in OpenSSL 0.9.5. That's no longer relevant.
|
|
|
|
|
|
source
Pointed out by sthen@
While make build indeed takes care of running make install in share/mk,
running make obj first would error out when encountering the unknown
BUILD_LLDB variable. I can wait a few days before committing this again.
|
|
to turn off the secondary CPUs and suspend the primary CPU using the
CPU_OFF and SYSTEM_SUSPEND calls. A new "halt" IPI is added to turn off
the ssecondary CPUs. This IPI is implemented for the ampintc(4) and
agintc(4) interrupt controllers. Fulle suspend/resume support is only
implemented for ampintc(4). This is enough to suspend and resume boards
based on the Allwinner A64 SoC, provided the necessary wakeup interrupts
have been set up (not part of this commit).
ok patrick@
|
|
|
|
ok jsing
|
|
ok jsing
|
|
ok jsing
|
|
It has long been known that pure Miller-Rabin primality tests are
insufficient. "Prime and Prejudice: Primality Testing Under Adversarial
Conditions" https://eprint.iacr.org/2018/749 points out severe flaws
in many widely used libraries. In particular, they exhibited a method to
generate 2048-bit composites that bypass the default OpenSSL (and hence
LibreSSL) primality test with a probability of 1/16 (!).
As a remedy, the authors recommend switching to using BPSW wherever
possible. This possibility has always been there, but someone had to
sit down and actually implement a properly licensed piece of code.
Fortunately, espie suggested to Martin Grenouilloux to do precisely this
after asking us whether we would be interested. Of course we were!
After a good first implementation from Martin and a lot of back and
forth, we came up with the present version.
This implementation is ~50% slower than the current default Miller-Rabin
test, but that is a small price to pay given the improvements.
Thanks to Martin Grenouilloux <martin.grenouilloux () lse ! epita ! fr>
for this awesome work, to espie without whom it wouldn't have happened,
and to djm for pointing us at this problem a long time back.
ok jsing
|
|
ok jsing
|
|
This adds an implementation of the integer square root using a variant
of Newton's method with adaptive precision. The implementation is based
on a pure Python description of cpython's math.isqrt(). This algorithm
is proven to be correct with a tricky but very neat loop invariant:
https://github.com/mdickinson/snippets/blob/master/proofs/isqrt/src/isqrt.lean
Using this algorithm instead of Newton method, implement Algorithm 1.7.3
(square test) from H. Cohen, "A course in computational algebraic number
theory" to detect perfect squares.
ok jsing
|
|
From Thomas Hellstrom
51a405dea0ae54330b6441c5f7c3bb9ceadedce8 in linux 5.15.y/5.15.54
bc1922e5d349db4be14c55513102c024c2ae8a50 in mainline linux
|
|
From Richard Gong
7a9e13b86536ce6dca54380f19d537b1c80caee3 in linux 5.15.y/5.15.54
aa482ddca85a3485be0e7b83a0789dc4d987670b in mainline linux
|
|
From Mario Limonciello
0a9a60dcedaacde4b903337b7445cb431b4dd119 in linux 5.15.y/5.15.54
0ab5d711ec74d9e60673900974806b7688857947 in mainline linux
|
|
From tiancyin
f3647c369c178c1cdea7f6a60dc32d6118afac40 in linux 5.15.y/5.15.54
425d7a87e54ee358f580eaf10cf28dc95f7121c1 in mainline linux
|
|
From CHANDAN VURDIGERE NATARAJ
59bf2aca4b1c3eca28b337b5e797bb9b43d44f3b in linux 5.15.y/5.15.54
50e6cb3fd2cde554db646282ea10df7236e6493c in mainline linux
|
|
From Michael Strauss
f276634b12fa8f63988be9cf5492c7d60d5ad7b1 in linux 5.15.y/5.15.54
bc204778b4032b336cb3bde85bea852d79e7e389 in mainline linux
|
|
From Ville Syrjala
b33035945b0a6853f8f6f63fb3c3bc9ea869337e in linux 5.15.y/5.15.54
ef7ec41f17cbc0861891ccc0634d06a0c8dcbf09 in mainline linux
|
|
From Thomas Hellstrom
9cf3a1c1288e43af00d70a8520ea9efbea01615e in linux 5.15.y/5.15.54
3e42cc61275f95fd7f022b6380b95428efe134d3 in mainline linux
|
|
From Matthew Brost
d839d15b50743164d7ad95f436ea284a2946c179 in linux 5.15.y/5.15.54
ce7e75c7ef1bf8ea3d947da8c674d2f40fd7d734 in mainline linux
|
|
|
|
to make make media structures MP safe.
OK mvs@
|
|
Apparently favored by deraadt@, pointed out by patrick@, ok patrick@
|
|
Shaves off a significant amount of time (eg on riscv64) in base builds.
Note that you'll need bsd.own.mk rev 1.213 (which make build should take
care of).
ok miod@ patrick@
|
|
ok miod@ patrick@
|
|
|
|
in the previous revision (1.66) I added an extra variable to track
wether we have printed the separator or not. Well, that's what the `n'
variable is for, so no need to duplicate the logic.
|
|
|
|
With input from jmc@ and sthen@
|
|
This lets me enter ddb(4) even when the riscv64 machines I manage get
unusable because of NFS.
Suggested by miod@, ok miod@ kettenis@
|
