Age | Commit message | Author |
|
ssl3_ prefix.
ok beck@
|
|
ok jsing@
|
|
ok beck@
|
|
logic a bit so that an invalid primary header/partition entries
table does not cause readgptlabel() to exit before the secondary
header is tried.
|
|
headers by mistake.
|
|
ok "flensing knife"
|
|
ok "flensing knife"
|
|
ok "flensing knife"
|
|
ok "flensing knife"
|
|
ok "flensing knife"
|
|
ok "flensing knife"
|
|
We also no longer need the ssl3_pad_1 and ssl3_pad_2 arrays...
ok "flensing knife"
|
|
ok "flensing knife"
|
|
ok "flensing knife"
|
|
ok "flensing knife"
|
|
ok "flensing knife"
|
|
entry.
ok bluhm@, claudio@
|
|
ok "flensing knife"
|
|
ok "flensing knife"
|
|
ok "flensing knife"
|
|
ok beck@
|
|
both essentially the same (in fact DTLS benefits from improvements
previously made to the ssl3_send_finished() function).
ok beck@
|
|
rates on wireless interfaces. They are not needed by mere mortals.
ok phessler miod kettenis deraadt mpi
|
|
ssl3_handshake_msg_start()/ssl3_handshake_msg_finish().
ok beck@
|
|
making netcat non-blocking and fixing ip6_forward() ICMP6 checksum,
this test can be made more aggressive. Delete the path MTU route
before sending TCP streams through the pf firewall. This checks
that PMTU discovery works with outgoing interface MTU and router
MTU.
Test IPv4 and IPv6 protocols ICMP echo, UDP, TCP with pf nat-to,
rdr-to, af-to, route-to, reply-to. Some af-to cases seem to be
broken.
|
|
override so that internal calls go direct
ok deraadt@
|
|
Checking for rt_ifp is currently not enough because RTF_LOCAL routes
still use a hack introduced in 1991 and have lo0ifp as rt_ifp pointer.
So also check for rt_ifa->ifa_ifp in this case.
ok claudio@
|
|
layer because the strings select the right options. Mechanical
conversion.
ok guenther
|
|
the mbuf packet header. If the packet is later dropped in
ip6_forward(), the TCP mbuf is copied and passed to icmp6_error().
IPv6 uses m_copym() and M_PREPEND() which preserve the packet header.
The inherited M_TCP_CSUM_OUT flag generates ICMP6 packets with an
incorrect checksum. So reset the csum_flags when packets are
generated by icmp6_reflect() or icmp6_redirect_output().
IPv4 does m_copydata() into a fresh mbuf. There m_inithdr() clears
the packet header, so the problem does not occur. But setting the
csum_flags explicitly also makes sense for icmp_send(). Do not or
M_ICMP_CSUM_OUT to a value that is 0 because of some function calls
before.
OK mpi@ lteo@
|
|
get_fstype() to gpt_get_fstype() as it moves.
|
|
only define them if not building for the "openbsd" flavour.
This way, non-obfuscated output can still be generated for analysis, by using
the "openbsd" flavour (which OpenBSD HEAD will do), and obfuscated output,
compatible with older as(1), will be generated for other platforms.
The portable version of LibreSSL can then use "openbsd-portable" as the
flavour for OpenBSD/amd64 so that generated files can be compiled with
OpenBSD 5.7 and other older versions stuck with as(1) 2.15.
|
|
**smaller than /24 allocations**. Our default ruleset will not allow
those, even though they will be for various pieces of critical dual-stack
infrastructure to help IPv6-only systems survive.
This adds a default rule to allow those blocks. With it, I see the
RIPE announced test blocks on our AMS-IX peers.
ARIN announced this block and policy at, enjoy
https://www.arin.net/announcements/2014/20140130.html
OK benno@, claudio@, sthen@, florian@
|
|
of repeated lehto32() and lehtoh64() in readgptlabel() to make code
more readable.
|
|
We can also now nuke ssl23_get_method() since it is the same as
tls1_get_method(). And the empty file can bite the dust.
ok bcook@ miod@
|
|
machinery. OpenBSD has never been not ELF on amd64, and changing this will
actually make -portable life slightly easier in the near future.
|
|
We can also now nuke ssl23_get_server_method() since it is the same as
tls1_get_server_method().
ok miod@
|
|
flag. Pointed out by jmc@'s commit to the openssl(1) man page.
|
|
API so it has one paste_free() rather than free_top and free_name
(everywhere that uses it already has the right pointer).
|
|
We can also now nuke ssl23_get_client_method() since it is the same as
tls1_get_client_method().
ok bcook@ miod@
|
|
their children to make sure they are still alive after rtfree(9)ing
rt->rt_parent.
Fix a use-after-fruit reported by stsp@
ok claudio@
|
|
We do not have any builtin or dynamic engines, meaning openssl(1) has
no way to use the engine command or parameters at all.
ok jsing@
|
|
This register contains the x2apic enable bit. Restoring it re-enables x2apic on
the application processors at resume. On the boot processor, the normal
initialization code path is used.
Tested by many
OK mlarkin@
"Go for it" deraadt@
|
|
to use.
|