| Age | Commit message (Collapse) | Author |
|---|
|
paths; GHPR115
|
|
defined(DEBUG) || defined(DIAGNOSTIC) || defined(VFSLCKDEBUG)
as they won't be used otherwise.
Shaves a few bytes off installation kernels.
ok kn@ semarie@
|
|
|
|
based on GHPR393
|
|
use the shared one from fatal.c
based on GHPR401 from lengyijun
|
|
the hostkey algorithms. AFAIK this code is unused in OpenSSH, but I
guess others are using it
based on GHPR387 from Pawel Jakub Dawidek
|
|
commandline to be exactly two characters long. Avoids one by OOB
read if ssh is invoked as "ssh -e^ ..."
Spotted by Maciej Domanski in GHPR368
|
|
ones that are unused outside the implementation itself; based on
GHPR#282 by tobias@
|
|
|
|
|
|
From Jani Nikula
55f2bd90b9fba95e929d4c407ffc422597152323 in linux-6.6.y/6.6.57
4cc2718f621a6a57a02581125bb6d914ce74d23b in mainline linux
|
|
From Alex Hung
65b2d49e55fe13ae56da3a7685bdccadca31134a in linux-6.6.y/6.6.57
ff599ef6970ee000fa5bc38d02fa5ff5f3fc7575 in mainline linux
|
|
From Alex Hung
939b4b2c008d4c620b8127bfd12cb22e40447141 in linux-6.6.y/6.6.57
bc2fe69f16c7122b5dabc294aa2d6065d8da2169 in mainline linux
|
|
From Wenjing Liu
b505e4fc411c1015ff5114b0cca8c9b20ae2f679 in linux-6.6.y/6.6.57
4b22869f76563ce1e10858d2ae3305affa8d4a6a in mainline linux
|
|
From Rob Clark
be6c52b059a28ec7f78a135061f2cc16b352ef70 in linux-6.6.y/6.6.57
b6802b61a9d0e99dcfa6fff7c50db7c48a9623d3 in mainline linux
|
|
ok claudio@
|
|
ok patrick@, phessler@
|
|
from Teubel Gyorgy, GitHub issue 4191.
|
|
|
|
this file at some point, but such code now lies comfortably in the Attic.
ok jsg@ mpi@
|
|
Fixes a potential buffer overrun. Also check strlcpy() and strlcat()
return value to detect truncations. Based on a diff from naddy@.
OK naddy@ tb@ deraadt@
|
|
This becomes a simple wrapper function that currently does three checks:
1. ensure the fieldID is for a prime field
2. check that the purported prime is of reasonable size, extract and
set curve coefficients and point conversion form
3. extract and set generator, order, cofactor and seed.
Sanity checks such as the Hasse bound are dealt with in the EC_GROUP API,
so need not be repeated here. They will become redundant once we enforce
that the parameters represent a builtin curve anyway.
ok jsing
|
|
This can be overridden on a per-architecture basis. The default version
calls OPENSSL_cpuid_setup(), which will be eventually replaced/removed.
ok joshua@ tb@
|
|
OPENSSL_cpuid_setup() is no longer exported and is now only ever run under
pthread_once().
ok joshua@ tb@
|
|
Add deep flag as function argument which is used by the sleep API but
nowhere else. Both calls to sleep_signal_check() should skip the ugly
bits of cursig().
In cursig() if deep once it is clear a signal will be taken keep the
signal on the thread siglist and return. sleep_signal_check() will then
return EINTR or ERESTART based on the signal context. There is no reason
to do more in this special case. Especially stop/cont and the ptrace trap
must be skipped here. Once the call makes it to userret the signal will be
picked up again and handled in a safe location.
Stopping singals need some additional logic since we don't want to abort
the sleep just to stop a process. Since our SIGSTOP handling requires
a major rewrite this will be posponed until then.
OK mpi@
|
|
|
|
|
|
|
|
|
|
This switches to using the X509_get_signature_info() API instead of hand
rolling a part of it. This is slightly tangly since the security level API
is strange. In particular, some failures are passed to the security level
callback so that applications can override them.
This makes the security level API handle RSA-PSS and EdDSA certificates
correctly and the handshake with such can progress a bit further. Of note,
we check that the certs are actually suitable for use in TLS per RFC 8446
contrary to what OpenSSL does.
ok beck jsing
|
|
|
|
|
|
|
|
|
|
|
|
|
|
This provides a non-trivial non-builtin curve that is unlikely to ever
become a builtin curve. This exercises the cofactor guessing code and
and ensures that things work as far as they can with a custom OID. The
main reason for adding it is to have a "real-world" example for an
upcoming check that EC parameters represent a builtin curve.
|
|
moved to ELF.
Move the a.out specific defines and macros, but the MID_xxx values, from
<sys/exec.h> to <a.out.h>, and update the few userland binaries which really
need these defines (i.e. boot-related tools for old architectures) to
explicitly include <a.out.h> when needed.
"Fine" deraadt@
|
|
traps. Such instructions are deprecated in v9 (64-bit) code and should never
occur in real-life code. See v9 manual A.59 and A.60 for details.
CVS ----------------------------------------------------------------------
|
|
debugger breakpoints nor compiler-generated divide by zero reports.
SIGEMT is a historical curiosity which makes no sense nowadays except on
PDP-11 and VAX hardware.
Discussed with imp@ and visa@ long ago.
|
|
tun_init turns interface/stack config into a set of flags that
tun(4) keeps in tun_softc sc_flags, but never uses.
ok miod@ kn@
|
|
netintro says it's deprecated, and most of our other drivers are
doing fine without it.
ok miod@ kn@ patrick@
|
|
EVP_PKEY_get0_* were made const correct in OpenSSL 3 and now cause the
build of rpki-client to emit warnings. Of course no one is able to see
these warnings because they are hidden in all the deprecation vomit.
Makes rpki-client build cleanly against OpenSSL 3 when configured with
--with-openssl-cflags=-DOPENSSL_SUPPRESS_DEPRECATED.
ok claudio deraadt job
|
|
|
|
|
|
silences an annoying warning
|
|
|
|
|
|
rust-openssl is an integral part of the Rust ecosystem and more than a
dozen ports, including lang/rust itself, depend on it. We need to ensure
that it keeps working with LibreSSL.
If the rust and rust-openssl-tests packages are installed, create a cargo
workspace under obj/ that compiles and runs the rust-openssl regress tests
much like what is done for the openssl-ruby tests. This expands our regress
coverage: for instance, this would have caught the broken ASN.1 indefinite
length encoding caused by asn1/tasn_enc.c r1.25.
Positive feedback beck jsing semarie
Testing and ok anton
|
|
|
