summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2023-04-27sort options;Jason McIntyre
2023-04-27arm64 install.md: fix softraid crypto installation on MacCaspar Schutijser
Make sure we don't newfs the EFI Sys partition on systems that have an "apfsisc" partition in the case we're installing with softraid crypto. Debugged with help from and came up with a fix with kn@ "go ahead" kettenis@ "no objections" krw@ OK kn@
2023-04-27RFC 9096 changes the default timers for prefix preferred and valid lifetimes,Peter Hessler
so update rad(8) to the new ones. OK florian@
2023-04-27tiny wording tweak from Ted Bullock to make misunderstandings less likely;Ingo Schwarze
OK jmc@
2023-04-27Implement -V as an alias to --version.Claudio Jeker
From Martin Cracauer OK kn@
2023-04-27Convert size_t's used in conjuction with sk_X509_num back to int.Bob Beck
The lets the regress in x509/policy pass instead of infinite looping. The changes are necessry because our sk_num() returns an int with 0 for empty and -1 for NULL, wheras BoringSSL's returns a size_t with 0 for both an empty stack and a NULL stack. pair work with tb@ ok tb@ jsing@
2023-04-27various markup tweaks, no content change; OK jmc@Ingo Schwarze
2023-04-27various minor content corrections and improvements;Ingo Schwarze
feedback and OK jmc@ and Ted Bullock
2023-04-27Remove efi32 and efi64. These are leftovers from a project that didn't goMark Kettenis
very far and the presence of these directories just confuse people and make them do more work than necessary. ok patrick@, kn@, mlarkin@
2023-04-27Also list the command constants not associated with any macros,Ingo Schwarze
and point to their documentation.
2023-04-27Remove kernel lock from rtfree(9).Vitaliy Makkoveev
Route timers and route labels protected by corresponding mutexes. `ifa' uses references counting for protection. rt_mpls_clear() could be called lockless because this is the last reference of `rt'. ok bluhm@ kn@
2023-04-27Retire -E's "expert" mode. Introduced 23 years ago to avoidKenneth R Westerback
confusing users with FFS attributes that only experts should fiddle with. Actual use has withered away with functionality rendered moot or moved elsewhere. '-e' remains for the truly obscure corner cases. Simply excise the code for now to see if hidden users/uses are exposed. Further simplifications are possible if no such users/uses surface. ok with sthen@ millert@ kn@ otto@
2023-04-27Temporarily workaround double calls into vioscsi_req_done()Kenneth R Westerback
causing NULL de-reference. Reported, initial patch and tests by Antun Matanovic. Thanks! ok miod@
2023-04-27correct test cases to add expected errors.Bob Beck
2023-04-27revert cache lookup for full pathnamesRobert Nagy
2023-04-27Start of an x509 policy regress test. test cases from BoringSSL.Bob Beck
Still a work in progress adapting tests from boringssl x509_test.cc but dropping in here for tb to be able to look at and run as well since the new stuff still has bugs.
2023-04-27Remove net lock from DIOCGETTIMEOUTKlemens Nanni
'pfctl -s timeouts' values are only used inside of pf, entirely protected by the pf lock through the ioctl interface; the net lock is useless. Previous attempts to remove net lock usage showed that the pf lock cannot yet entirely replace it, so start with small pieces like this one. Contrary to IPv4/6 read-only ioctls, some pf ioctls without FWRITE flag do modify internal pf state, which is not entirely obvious when approached from the ioctl layer. OK sashan dlg
2023-04-27Add `rttimer_mtx' to the locking description.Vitaliy Makkoveev
No functional changes.
2023-04-27tlsexttest: check additional logic in tlsext randomizationTheo Buehler
This verifies that we put PSK always last and that the Apache 2 special does what it is supposed to do. There is also some weak validation of the Fisher-Yates shuffle that will likely catch errors introduced in tlsext_randomize_build_order()
2023-04-27zap APM_CANCEL, dead since import; OK tbKlemens Nanni
2023-04-27ssl_tlsext.c: Add an accessor for the tls extension type.Theo Buehler
Needed for the tlsexttest.c ok jsing
2023-04-27Somehow I managed not to bump LIBRESSL_VERSION_NUMBERTheo Buehler
reported by aja
2023-04-27Treat crypto disk like the root disk, both are boot disksKlemens Nanni
Chosing [W]hole on a GPT disk means it needs non-default `-b' fdisk(8) to account for existing EFI Sys partitions, whether it modifies an existing GPT (Apple APFS ISC) or writing a new one. With 'Encrypt the root disk?' answered postively, the crypto disk instead of the root disk becomes the boot disk. Extend the logic to both crypto and root disk, really asking "is this a boot disk?". with caspar
2023-04-27EC_KEY_{get,insert}_key_method_data() are no longer availableTheo Buehler
2023-04-27One more reciprocal thing hid in here (yay for consistent naming)Theo Buehler
2023-04-27Remove stale references to BN reciprocal stuffTheo Buehler
2023-04-27syncTheo Buehler
2023-04-27Remove documentation of reciprocal BN which is now internal onlyTheo Buehler
2023-04-27Remove documentation of GF2m point stuffTheo Buehler
2023-04-27EC_GROUP_new() Strip out complications due to binary curves.Theo Buehler
2023-04-27Remove stale reference to BN_GF2m_add()Theo Buehler
2023-04-27syncTheo Buehler
2023-04-27Remove BN_GF2m_add.3Theo Buehler
2023-04-27Add support for (one of) the PCIe controllers on the RK3588 SoC. SinceMark Kettenis
MSIs don't work (yet) on this SoC, implement support for legacy interrupts for the Rockchip SoCs. Also drop the restrictions on the bus number range as the device tree I'm using has bus numbers start at 64 for the controller in question. ok patrick@, dlg@`
2023-04-27Fix config space access for the root bus of a dwpcie(4) controller whenMark Kettenis
the root bus number isn't zero. ok patrick@, dlg@
2023-04-27Add RK3588 support.Mark Kettenis
ok patrick@, dlg@
2023-04-27Add some RK3588 PCIe related clocks.Mark Kettenis
Also add some RK3588 resets. Whoever reviewed the bindings on Linux gave the brilliant advice that clock IDs and reset IDs should not in any way have a sane mapping to the hardware registers, even though that is the case on all older Rockchip SoCs and greatly simplifies the driver. So now we need to implement pointless lookup code. ok patrick@, dlg@
2023-04-27Remove mention of EC_GFp_nist_method and add back a .Pp that wasTheo Buehler
accidentally dropped
2023-04-27Make rpki-client choose the verification time of the time it is invokedBob Beck
rather than always getting the current system time for every certificate verification. This will result in output that is not variable on run-time. ok tb@ claudio@
2023-04-27The ASIX AX88179A chipset does not work properly with the axen(4) driver.Gerhard Roth
For now switch it to cdce(4) until native support is provided by axen(4). ok bentley@ stsp@
2023-04-27Remove braces around single lines statements using knfmt -sTheo Buehler
Pointed out by anton
2023-04-27Rework simple allocation and free functions in x509_policy.cTheo Buehler
Use calloc() instead of malloc/memset and make free functions look the same as elsewhere in the tree. ok beck jsing
2023-04-27Reimplement output-json.c using json.c from bgpctl.Claudio Jeker
Much rejoice from tb@ and job@ OK tb@
2023-04-27Remove dangling references to BN_get0_nist_prime_521(3)Theo Buehler
2023-04-27Move EC_POINT_{get,set}_Jprojective_coordinates to ec_local.hTheo Buehler
2023-04-27Nuke doxygen noiseTheo Buehler
2023-04-27Remove documentation of no longer supported EC methodsTheo Buehler
2023-04-27Remove NIST prime documentationTheo Buehler
2023-04-27syncTheo Buehler
2023-04-27Stop installing NIST prime documentationTheo Buehler