Age | Commit message | Author |
|
GitHub issue 4231.
|
|
As most other objects, EC_KEYs can be as sparsely and invalidly populated
as imagination permits and the competent designers of EC_KEY_copy() chose
to just copy over what's available (yeah, what kind of copy is that?) and
leave in place what happens to be there. In particular, if the dest EC key
was used with a different group and has a private key, but the source key
doesn't, the dest private key remains intact, as invalid, incompatible and
unusable as it may be. Fix this by clearing said private key.
ok jsing
|
|
From Antonio Quartulli
a613a392417532ca5aaf3deac6e3277aa7aaef2b in linux-6.6.y/6.6.61
a6dd15981c03f2cdc9a351a278f09b5479d53d2e in mainline linux
|
|
From Lijo Lazar
3930715c1aefe8e5cbca94144081aa08b466d571 in linux-6.6.y/6.6.61
3ce3f85787352fa48fc02ef6cbd7a5e5aba93347 in mainline linux
|
|
From Alex Deucher
e2574b57990d482cb4310f8d571e728741c711c8 in linux-6.6.y/6.6.61
b46dadf7e3cfe26d0b109c9c3d81b278d6c75361 in mainline linux
|
|
From Alex Deucher
8906728f2fbd6504cb488f4afdd66af28f330a7a in linux-6.6.y/6.6.61
4d75b9468021c73108b4439794d69e892b1d24e3 in mainline linux
|
|
From Alex Deucher
5a8ae5fa576c3315c0b3ce0b0aec2e5d1aadebc9 in linux-6.6.y/6.6.61
f790a2c494c4ef587eeeb9fca20124de76a1646f in mainline linux
|
|
ok kettenis@
|
|
tb@ agrees
|
|
ok claudio
|
|
ok stsp@
|
|
userland can request that network packets that are read from or
written to the device special file get prepended with a "tun_hdr"
struct. this struct contains bits which say what offloads are
requested for the packet, including things like ip/tcp/udp/icmp
checksums, tcp segmentation offloads, or ethernet vlan tags.
userland can write a packet with any of these offloads requested
into the kernel at any time, but has to request which ones it's
able to handle coming from the kernel. enabling the tun_hdr struct
and which offloads userland can handle is done with a new TUNSCAP
ioctl.
this is based on the virtio_net_hdr in linux, which jan@ actually
implemented and had working with vmd. however, claudio@ and i
strongly opposed what feels like a layer violation by pulling
virtio structures into the tun driver, and then trying to emulate
virtio/linux semantics in our network stack, and playing catch up
when the "upstream" projects decide to change the shape or meaning
of these bits. tun_hdr is specific to the openbsd network stack and
its semantics, which simplifies our kernel implementation. jan has
been pretty gracious about the extra work on the vmd side of things.
tested by and ok jan@
ok claudio@
|
|
"A return statement with an expression shall not appear in a function
whose return type is void."
ok deraadt miod
|
|
punt. A single res_query() call can return immediately (e.g. success
or the nameservers are unreachable), or take quite some time,
depending on how many nameservers are configured. So measure the
actual time it takes and decide what to do based on that.
Early version from beck@; ok claudio@ deraadt@
|
|
ok stu deraadt
|
|
ok and tweaks from claudio@ and jmc@
|
|
Binary change in main.o and tal.o due to an assertion change and in spl.o
due to line number changes
looks good to claudio, ok clang + sha256
|
|
A certificate must have a subject, so X509_get_subject_name() cannot
return NULL on a correctly parsed certificate, even if the subject is
empty (which is allowed). So if X509_get_subject_name() returns NULL,
error instead of silently ignoring it in tls_check_common_name().
This is currently no issue. Where it matters, the match against the
common name will fail later, so we fail closed anyway.
ok jsing
|
|
offsets for RGB formats explicitly.
From Paul Fertser
ok patrick@ miod@ kettenis@
|
|
by u-boot.
From Paul Fertser
ok patrick@ miod@ kettenis@
|
|
Relevant for OpenBSD are security fix #915, other changes #905 #902
#904 #317 #918 #914. Major library bump is necessary as new error
constant has been added to a public header file. CVE-2024-50602
OK matthieu@ tb@ deraadt@
|
|
and purge the superseded information from the algorithm-independent
page EVP_PKEY_new(3).
|
|
stand a chance of using the API correctly.
Admittedly, having so much text below EXAMPLES is somewhat unusual.
While all that information is required to use the function correctly,
strictly speaking, it is not part of the specification of what
EVP_PKEY_new_CMAC_key(3) does, so it wouldn't really belong
in the DESCRIPTION.
Now, designing an API function in such a way that using it correctly
requires lots of information about *other* functions and such that
all that additional information does not belong into the manual pages
of those other functions (both because that would cause distractions
in various other manual pages and because it would scatter required
information around lots of different pages) is certainly not stellar
API design. But we can't help that because these APIs were all
originally designed by OpenSSL.
Significant feedback and OK tb@.
|
|
spotted by jsing
|
|
These functions are no longer shared between multiple files, so they can
be static in ecp_methods.c and the long list of prototypes can go away.
|