Following https://lists.afrinic.net/pipermail/dbwg/2023-December/000496.html
Simply apply the inverse of 'afrinic.constraints' r1.2 to the other RIR files
(since no resources can be transferred from AFRINIC to any other RIRs).
OK tb@
|
|
Ties de Kock found RRDP content that doesn't match the XML schema, most
likely generated by krill: https://github.com/NLnetLabs/krill/issues/1180
Use the state machine to mark a new delta element as empty and check at
the end whether that state was changed (which means it contained publish
or withdraw elements). If so, raise a parse failure.
ok claudio job
|
|
the digital amplifier codecs wired up to a single GPIO. This is apparently
problematic for Linux and Asahi Linux changed their device trees to use a
regulator instead such that reference counting makes sure that shutdown
isn't asserted until all codecs are ready for it. Follow suit, even though
our regulator code doesn't do the proper reference counting yet.
ok patrick@
|
|
allow additional information to be printed for specific CPU types. Use
this to print the L2C registers on Apple CPUs which can be very useful
in tracking down the source of certain SError interrupts.
ok miod@, dlg@
|
|
There is a bizarre EVP_CIPHER_CTX_cleanup() call in EVP_CipherInit()
leading to a subtle behavior difference with EVP_CipherInit_ex().
The history is that before EVP_CIPHER_CTX was made opaque, a context would
often live on the stack (hello, MariaDB) and the EVP_CIPHER_CTX_cleanup()
call was in fact an EVP_CIPHER_CTX_init() which just zeroes out the struct.
The problem with doing this is that on context reuse there could be data
hanging off it, causing leaks. Attempts were made to clean up things in
EVP_CipherFinal*(), but that broke applications reaching into the context
afterward, so they were removed again. Later on, opacity allowed changing
the _init() to a _cleanup() since EVP_CIPHER_CTX could no longer live on
the stack, so it would no longer contain garbage. I have to correct myself:
it would no longer contain stack garbage.
Now: EVP_CipherInit_ex() does some extra dances to preserve the AES key
wrap flag, which is cleared unconditionally in EVP_CipherInit(). That's
annoying to document and very likely never going to be an issue in the
wild: you'd need to do key wrap and then use the same context for use
with a cipher that does not allow key wrap for this to make a difference.
This way, all our EVP_{Cipher,Decrypt,Encrypt}*_ex() functions are now
trivially wrapped by their non-_ex() versions.
ok jsing
|
|
Clean up the cipher context unconditionally if the cipher is being set.
This allows doing the dance to retain the key wrap flag only once and
makes it more obvious that allocating the cipher data doesn't leak.
suggested by/ok jsing
|
|
ok jsing
|
|
None of these function pointers were ever set. Now that the structure is
opaque they won't ever be, so time for them to hit the bitbucket. Infinite
extensibility of the toolkit results in complications, bugs, and dead code.
ok jsing
|
|
If a negative n is passed, these functions would underrun the bitstring's
data array. So add checks for that and drop spades of unnecessary parens.
These functions are quite broken anyway. The setter attempts to zap the
unnecessary trailing zero octets, but fails to do so if the bit being
cleared isn't already set. Worse is the getter where you can't tell an
error (like attempting an out-of-bounds read) from the bit being unset.
ok joshua
|
|
These two functions previously wrapped a pkey_set_type() helper, which
was an utter mess because of ENGINE. With the long awaited departure of
ENGINE, this function became a lot simpler. A further simplification is
obtained by not doing the optimization to avoid an ameth lookup: this
requires walking a list of 11 ameths. We should consider bsearch()...
With this gone and a saner implementation of EVP_PKEY_free_it(), we can
implement these functions with a dozen lines of code each.
ok jsing
|
|
Use pkey instead of x, remove the pointless variable i, no need to check
for NULL before sk_X509_ATTRIBUTE_pop_free(), switch to freezero() to
leave fewer invalid pointers around.
ok jsing
|
|
ok jsing
|
|
Rename the variable from x into pkey, make it NULL safe and unindent.
ok jsing
|
|
ok jsing
|
|
ok jsing
|
|
There is no need for a local variable and a ternary operator here.
ok jsing
|
|
ok jsing
|
|
While here, also switch the argument placeholder from *impl to *engine
as suggested by tb@.
|
|
This way the first items all speak about base and xenocara material, and
the mention of ports/packages feels less out of place. Input and ok tb@
|
|
Knowing for which release this documentation was introduced seems
superfluous. ok tb@
|
|
It really makes no sense to have the mess that is EVP_MD_CTX_copy{,_ex}()
live between EVP_Digest{Init{,_ex},Update,Final{,_ex}}() and EVP_Digest(),
the latter being a relatively simple wrapper of Init_ex/Update/Final_ex.
|
|
build error reported by deraadt@ ok kettenis@
|
|
OK tb@
|
|
This adds support for the devices in nested directories.
Pointers, review, and OK by semarie@
|
|
r1.69 introduced -C in 2008 "to continue multiple transfers";
'ftp -C ftp://ftp.eu.openbsd.org/' lands in "ftp> " and turns "mget"
into "reget" by default.
r1.139 -C/resume without "proc exec" thusly was too strict.
Instead, now after recent cleanups/tweaks, prevent execution with -o.
OK millert
|
|
No changes to perl, as those were already committed for the earlier errata.
This just brings documentation and such in line with upstream.
ok bluhm@
|
|
locked down and we need to retain the existing mappings.
ok patrick@
|
|
interfaces that are needed for the upcoming apple kms driver.
ok jsg@
|
|
Linux architectures (including the most popular 32-bit ones) and a new
driver I'm working on tries to print a dma_addr_t variable using %llx.
ok jsg@
|
|
Consistently implement the _ex() version after the non-extended versions.
First Cipher Init/Update/Final, then Encrypt, then Decrypt. This only
switches the order of CipherFinal{,_ex} and moves the DecryptInit* down,
so they are no longer somewhere in the middle of the Encrypt* functions.
|
|
interface descriptor. It panics during attach of em(4) device at
boot.
|
|
descriptor.
We have a mess in network interface statistics. Only pseudo drivers
do per-CPU counters allocation, all other network devices use the old
`if_data'. The network stack partially uses per-CPU counters and
partially uses `if_data', but the protection is inconsistent: sometimes
counters are accessed with exclusive netlock, sometimes with shared
netlock, sometimes with kernel lock, but without netlock, sometimes
with other locks.
To make network interface statistics more consistent, always allocate
per-CPU counters at interface attachment time and use them instead of
`if_data'. At this step only move counters allocation to the if_attach()
internals. The `if_data' removal will be performed with the following
diffs to make review and tests easier.
ok bluhm
|
|
ok millert@
|
|
I guess I'm getting old. Next time I'll have to add a reminder not to
forget to remove the reminder.
|
|
Previously, these fields would be skipped. From Hiltjo Posthuma.
|
|
These remove a few more potential out-of-bounds accesses and ensure in
particular that the padding is between 1 and block_size (inclusive).
ok joshua jsing