| Age | Commit message (Collapse) | Author |
|---|
|
should fix panic on boot on x41 reported by Fred Crowson
|
|
subset of the request permissions, so when forcing an initial RO
fault for CoW also clamp the access_type.
problem reported by bluhm@
based on a suggestion from miod@
ok kettenis@
|
|
|
|
|
|
Missing check reported by Ties de Kock
OK tb@ benno@
|
|
CRL's signature is invalid, not the certificate's.
|
|
the code. Also add error checking where possible.
ok jsing
|
|
ok jsing
|
|
OK benno@
|
|
data from struct msghdr to system call sendmsg(2). Fix the controllen
and make error messages unique.
OK mvs@
|
|
ok miod@ mpi@
|
|
No object change.
OK millert
|
|
Remove the X509 argument as it is unused - this was passed so that
ssl_cert_type() can get the public key from the X509 object if the
EVP_PKEY argument is NULL, however this is never the case.
ok tb@
|
|
On PolarFire SoC, the HSS firmware loads HSS payload from BIOS boot
partition. Typically the payload carries second-stage low-level boot
code, such as U-Boot. If the payload is missing, the SoC is not able
to boot normally. Hence automatic disk formatting should not delete
the partition.
OK krw@
|
|
3050.
|
|
OK kettenis@ deraadt@
|
|
Reduce #ifdef'ing within the control logic to make it clearer that there
are no essential differences in behaviour between the platforms.
Make installboot(8) write startup.nsh to enable simpler and more consistent
code in install.md.
Input and OK kettenis@ deraadt@
|
|
The code is common to EFI platforms, not specific to armv7.
Suggested by kettenis@
|
|
3054.
|
|
|
|
|
|
|
|
|
|
This driver implements an interface for using DMA for audio output.
ok ratchov@
|
|
than assuming it will always be zero.
ok kettenis@
|
|
the to delete list stored this RRDP node.
Noticed by Job on console.rpki-client.org with the help of idnic.net
OK tb@
|
|
|
|
|
|
interrupt context), this however means occasional resource shortage will
result in callbacks registration failing, and unknown consequences for
the task-submitting caller.
Changing this to use pools with a low water mark, decreases the odds
of that problem occuring.
ok kettenis
|
|
|
|
|
|
From Bas Nieuwenhuizen
548f20b39ec91fdd97194a84a0d9b2f68715762a in linux 5.15.y/5.15.19
72a8d87b87270bff0c0b2fed4d59c48d0dd840d7 in mainline linux
|
|
From Manasi Navare
73740f948252e424a01465155d8737bceae23653 in linux 5.15.y/5.15.19
5ec1cebd59300ddd26dbaa96c17c508764eef911 in mainline linux
|
|
from Fabian Stelzer
|
|
in allowed_signers files; from Fabian Stelzer
|
|
static const char *array => static const char * const array
from Mike Frysinger
|
|
|
|
|
|
messages. Spotted by and ok tb@
|
|
put BIOS objects into there, and rely upon them. We are shocked, SHOCKED,
to find a machine that does so in a large object (Supermicro 5019D-FTN4).
So now we need to ignore memory regions < 32MB in size. If we put this
memory into use, the zerothread will soon clear it, and on this particular
case the machine resets because something in AML or SMI gets unhappy.
Other machines with similar problems may exhibit other misbehaviours, so
this could fix heisenbugs. Sadly I expect products to get worse.
ok kettenis, miod
|
|
Fixes an issue uncovered by the recent change to enlarge kva space where
an unaligned address was passed resulting in memset() writing past the
end of the newly allocated page.
ok miod@
|
|
the items. Also fix mode menus.
|
|
not permitted. Luckily nothing is using GPE_DIRECT anymore, so this code
can be deleted.
ok kettenis
|
|
|
|
Rather than leaking libcrypto defines through the tls_sign_cb and
tls_signer_sign() interfaces, provide and use our own TLS_PADDING_*
defines.
ok inoguchi@ tb@
|
|
|
|
The current design of tls_sign_cb provides a pointer to a buffer where the
signature needs to be copied, however it fails to provide a length which
could result in buffer overwrites. Furthermore, tls_signer_sign() is
designed such that it allocates and returns ownership to the caller.
Revise tls_sign_cb so that the called function is expected to allocate a
buffer, returning ownership of the buffer (along with its length) to the
caller of the callback. This makes it far easier (and safer) to implement
a tls_sign_cb callback, plus tls_signer_sign can be directly plugged in
(with an appropriate cast).
While here, rename and reorder some arguments - while we will normally
sign a digest, there is no requirement for this to be the case hence use
'input' and 'input_len'. Move padding (an input) before the outputs and
add some additional bounds/return value checks.
This is technically an API/ABI break that would need a libtls major bump,
however since nothing is using the signer interface (outside of regress),
we'll ride the original minor bump.
With input from tb@
ok inoguchi@ tb@
|
|
OK espie@
|
|
do not bother operating on its first 8 bytes, which will always be zero.
ok visa@
|
|
from Marcel Partap.
|
