| Age | Commit message (Collapse) | Author |
|---|
|
|
|
|
|
|
|
for RSA keys). Avoids fatal errors for PKCS#11 libraries that return
empty keyid, e.g. Microchip ATECC608B "cryptoauthlib"; bz#3364
|
|
|
|
move from an awful macro to a proper function.
|
|
|
|
In an upcoming libcrypto bump, EVP_PKEY will become opaque. In order to
stop reaching inside EVP_PKEY, we must replace EVP_PKEY_type(pkey->type)
with the equivalent EVP_PKEY_base_Id(pkey) in various places.
ok florian
|
|
ok deraadt
|
|
|
|
them inside #ifndef LIBRESSL_INTERNAL.
suggested by jsing
|
|
ASN1_const_CTX are now unused and will be garbage collected in the
next libcrypto bump.
ok jsing
|
|
|
|
|
|
|
|
|
|
|
|
workaround for excessive malloc inspired by mariadb (just kidding).
|
|
|
|
for opaque DSA. I'll deal with that later. I also lobbed a KNF grenade
in here.
|
|
work with opaque DH, but one step at a time. While here, add a bunch of
missing spaces to reduce the eyebleed.
|
|
The remaining test needs some thinking (or disabling once we flip
the switch). It is currently marked with an XXX.
|
|
X server and have been unlinked from the build. Converting the
tests from libfb to libwfb could be possible, but nobody is working
on that.
OK matthieu@ kettenis@
|
|
string. help claudio@ ok bluhm@
|
|
X509_OBJECT_new(3) and X509_OBJECT_free(3); document them.
While here, stop talking about storing storing EVP_PKEY objects
and plain C strings in X509_OBJECT objects. LibreSSL never fully
supported that, and it certainly no longer supports that now.
|
|
|
|
from Fabian Stelzer ok djm markus
|
|
ca certs but not with simple key lifetimes within the allowed
signers file.
Since it returns the first keys principal it finds this could
result in a principal with an expired key even though a valid
one is just below.
patch from Fabian Stelzer; feedback/ok djm markus
|
|
|
|
|
|
ok deraadt millert
|
|
as half-close on the output side; ok deraadt millert
|
|
|
|
POSIX.1-2008 tweaked the uniq definition in light of AGI 1003.1-2001
#133. uniq must now *ignore* the trailing newline when comparing
lines from the input.
In practice this means that if the last line in the input is missing a
trailing newline it isn't necessarily different from the line
preceding it.
So, uniq(1) now stubs the trailing newline before doing any line
comparisons.
For sake of simplicity, this patch introduces a second change: if the
last line in the input is missing a trailing newline and we choose to
print the line, a newline is appended when we print it.
Adopting the newline change aligns our implementation with with
POSIX.1-2008 (which we already claim in the manpage). Adopting both
changes aligns our behavior with that of FreeBSD and GNU uniq. For
better or worse, OpenBSD's uniq no longer behaves like NetBSD's uniq
in this corner case.
References:
POSIX.1-2001 uniq:
https://pubs.opengroup.org/onlinepubs/009695399/utilities/uniq.html
Austin Group Interpretation 1003.1-2001 #133:
https://collaboration.opengroup.org/austin/interps/documents/14355/AI-133.txt
POSIX.1-2008 uniq:
https://pubs.opengroup.org/onlinepubs/9699919799/utilities/uniq.html
--
Discussed with millert@. With input from schwarze@. Positive feedback
from bcallah@.
Thread: https://marc.info/?l=openbsd-tech&m=163581613829524&w=2
ok millert@
|
|
were connected could be closed by concurrent thread. Check connection
state and return ECONNREFUSED if the connection was lost.
ok bluhm@
|
|
interferes with the new poll()-based listen loop; spotted and
debugged by anton@+deraadt@
|
|
Behaviour is similar to that of umb(4).
OK kn@
|
|
X509_STORE_CTX_set_verify(3) and X509_STORE_CTX_get_verify(3).
Document them.
In the next bump, tb@ will also provide X509_STORE_CTX_verify_fn(3)
and X509_STORE_set_verify(3) and restore X509_STORE_set_verify_func(3)
to working order. For efficiency of documentation work, already
document those three, too, but keep the text temporariy .if'ed out
until they become available.
Delete X509_STORE_set_verify_func(3) from X509_STORE_set_verify_cb_func(3)
because it was misplaced in that page: it is not related to the
verification callback.
tb@ agrees with the general direction.
|
|
For some reason, if we send a scan command that actively scans for a
particular SSID with probe requests, the device will occasionally lock
up after associating to the AP, with no interrupts, totally dead.
The symptom of this is an interface that shows as "active" in ifconfig
but does not receive or transmit any packets.
Observed by kmos@ for some time already, and myself while testing new
Intel wifi firmware versions on iwm(4) 9560.
This problem was also observed on AX200 by me with old firmware. We had
the same workaround in place for iwx(4) for some time, until we upgraded
that driver to use newer firmware which uses a different scan command.
Workaround tested by kmos@ and myself.
|
|
The previous wording might be understood as "leave memory unused in the
primary domain", which is precisely what causes the hypervisor to reject
the configuration since ldomctl(8) would implicitly allocate all remaining
memory for the primary domain.
Make sure that primary domain memory should be assigned explicitly so the
total amount of allocated memory is less than physically available, i.e.
the hypervisor will have even more memory available and configurations can
boot again.
OK stsp
|
|
|
|
|
|
explicitly forbid % to be in packages-specs, so that people don't get confused
about it.
|
|
|
|
|
|
|
|
uhidev_open() and uhidev_close(). In uhidev_close() the UHIDEV_OPEN flag
is cleared early on but the same thread can end up sleeping while
closing the input or output pipe. This allows another thread to enter
uhidev_open() but only to fail opening either the input or output pipe
since they are already open for exclusive use. The uhidev_open() error
path frees the input buffer but leaves a dangling pointer around;
causing uhidev_close() to free the same buffer.
This can at least happen on xhci(4) which can end up sleeping in
xhci_pipe_close().
Reported by and ok gnezdo@
|
|
If the "file" argument to cnt() is NULL and we call warn(3) we will
get a NULL dereference.
Change the name of the argument to "path" and make "file" a local
variable. Ensure that we set "file" to a valid C-string, even if
"path" is NULL.
While we're here, const the file name pointers, too.
Thread: https://marc.info/?l=openbsd-tech&m=163708784422157&w=2
ok millert@
|
|
rewrite the code with a goto so this never happens again.
ok patrick millert
|
|
ok markus@
|
