summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2019-11-02Bring back some icky buffer allocation code so that pkey_rsa_print()Joel Sing
works again with the horrific API that is ASN1_bn_print(). Issue spotted by inoguchi@
2019-11-02Add tls_conn_cipher_strength() to gotls regress.Joel Sing
2019-11-02Disable test-tal since it currently fails to build.Joel Sing
2019-11-02Use LibreSSL for rpki-client regress tests.Joel Sing
2019-11-02Sync.Joel Sing
2019-11-02Bump libcrypto, libssl and libtls minors due to symbol additions.Joel Sing
2019-11-02Provide RSA_PKCS1_OpenSSL().Joel Sing
Prompted by inoguchi@
2019-11-02Make RSA_padding_{add,check}_PKCS1_OAEP_mgf1() public.Joel Sing
2019-11-02Make RSA_OAEP_PARAMs public.Joel Sing
2019-11-02Document tls_conn_cipher_strength().Joel Sing
ok schwarze@
2019-11-02Build rpki-client with LibreSSL.Joel Sing
2019-11-02Enable CMS in LibreSSL.Joel Sing
ok bcook@ deraadt@ inoguchi@ job@ tb@
2019-11-02Provide tls_conn_cipher_strength().Joel Sing
This returns the strength in bits of the symmetric cipher used for the connection. Diff from gilles@ ok tb@
2019-11-02Add a few more PCIe capability registers and bits. As usual, the namesMark Kettenis
are taken from Intel chipset documentation. Prompted by a diff from kurt@. ok kurt@
2019-11-02Start documenting which locking primitives apply to uvm_map members.Martin Pieuchot
ok kettenis@
2019-11-02When we are behind a captive portal we very likely need to use the asrFlorian Obser
strategy to get past it. This is also true when we don't know yet if we are behind a captive portal. However, when the nameserver dhcp hands us are unreachable (e.g. because they are down) asr is dead, we are still using it and we are now stuck. Only force to asr if we know that it is working. If we are behind a captive portal and the dhcp nameserver are dead we probably won't get past it. But if we are in a network with unreachable dhcp nameservers we will make progress. Stumbled upon by remi while blocking port 53 in pf. OK remi
2019-11-02Move dead procs to the reaper queue immediately after context switch.Visa Hankala
This eliminates a forced context switch to the idle proc. In addition, sched_exit() no longer needs to sum proc runtime because mi_switch() will do it. OK mpi@ a while ago
2019-11-02switch ASN1_STRING_data() with constified ASN1_STRING_get0_data()Gilles Chehade
2019-11-02Write debug messages to stderr instead of stdoutJeremie Courreges-Anglas
ok kn@ mpi@
2019-11-02Zap remnants from "cpu throttling on mp systems" introduced in rev 1.46Jeremie Courreges-Anglas
That logic is now in the kernel. ok kn@ mpi@
2019-11-01Kill resched_proc() and instead call need_resched() when a thread isMartin Pieuchot
added to the runqueue of a CPU. This fix out-of-sync cases when the priority of a thread wasn't reflecting the runqueue it was sitting in leading to unnecessary context switch. ok visa@
2019-11-01Reduce BOOTRANDOM_MAX to 256. naddy pointed out there's no point havingTheo de Raadt
it larger than RC4STATE. A long discussion ensued. In conclusion all entropy inputs are either satisfactory enough, or just as shitty at 512.
2019-11-01Limit lazy resize to panes in attached sessions only - those inNicholas Marriott
unattached are likely to have been resized by something like split-window where the user probably wants the resize to happen immediately. GitHub issue 1963.
2019-11-01In evp/pmeth_lib.c rev. 1.16, jsing@ enabled EVP_PKEY_RSA_PSS.Ingo Schwarze
Document it.
2019-11-01In rsa.h rev. 1.45, jsing@ providedIngo Schwarze
the three macro constants RSA_PSS_SALTLEN_*; document them. The wording is a combination of our existing text and the wording in the OpenSSL 1.1.1 branch, which is still under a free license.
2019-11-01Push the KERNEL_LOCK() down in uvm_map_inentry().Martin Pieuchot
The lookup in uvm_map_inentry_fix() is already serialized by the vm_map_lock and such lookup is already executed w/o the KERNEL_LOCK(). ok kettenis@, deraadt@
2019-11-01Keep local function definitions in C files.Martin Pieuchot
2019-11-01Document that p_{sp,pc}inentry are owned by the current thread.Martin Pieuchot
2019-11-01syncTheo de Raadt
2019-11-01Correctly group initialization of AF_UNIX socket.Florian Obser
spotted by deraadt in new code, sweep by me. OK deraadt
2019-11-01Fix an off-by-one in db_save_stack_trace().Martin Pieuchot
Save the PC after checking if it belongs to the kernel.
2019-11-01Flush the register windows before unwinding the stack.Martin Pieuchot
This makes db_save_stack_trace() and db_stack_dump() work. ok deraadt@, kettenis@
2019-11-01Remove duplicated header.Martin Pieuchot
2019-11-01Add DSA CMS support.Joel Sing
From OpenSSL 1.1.1d. ok tb@
2019-11-01Add RSA CMS support.Joel Sing
From OpenSSL 1.1.1d. ok tb@
2019-11-01Provide NID for pSpecified.Joel Sing
ok tb@
2019-11-01Wire up PKEY methods for RSA-PSS.Joel Sing
ok tb@
2019-11-01Wire up ASN.1 methods for RSA-PSS.Joel Sing
ok tb@
2019-11-01In rsa.h rev. 1.45, jsing@ provided the threeIngo Schwarze
macros EVP_PKEY_CTX_set_rsa_pss_keygen_*(3); document them. Text mostly taken from the OpenSSL 1.1.1 branch, which is still under a free license, but rearranged to fit the structure of our manual pages.
2019-11-01move the PSS macros to the end in preparation for adding more macros,Ingo Schwarze
reduce text duplication by forming subsections, and some minor corrections
2019-11-01fix miscellaneous text problems; ok djm@Christian Weisgerber
2019-11-01The EVP_PKEY_CTX_ctrl(3) manual page requires additions for RSA-PSSIngo Schwarze
but it is growing to excessive size, so split out RSA_pkey_ctx_ctrl(3).
2019-11-01Handle the various different forms of rgb colour strings.Nicholas Marriott
2019-11-01update currency exchange rates;Jason McIntyre
2019-11-01fix a race condition in the SIGCHILD handler that could turn inDamien Miller
to a kill(-1); bz3084, reported by Gao Rui, ok dtucker@
2019-11-01Update RSA ASN.1 code to handle RSA-PSS.Joel Sing
From OpenSSL 1.1.1d. ok tb@
2019-11-01Clean up RSA_new_method().Joel Sing
Use calloc() instead of malloc() for initialisation and remove explicit zero initialisation of members. This ensures that new members always get initialised. Also use a single error return path, simplifying code. ok tb@
2019-11-01remove duplicate PUBKEY_DEFAULT_PK_ALG on !WITH_OPENSSL pathDamien Miller
2019-11-01more additional source filesDamien Miller
2019-11-01additional source files here tooDamien Miller