Age | Commit message | Author |
|
avoid an out-of-bound write for specific values and also check for
oob writes in general; with input from kettenis; ok florian@ kn@
|
|
This is the lib/builtin directory of the compiler-rt source tarball.
comments/ok patrick@, ok kettenis@
|
|
single invocation of the same. Clearer.
|
|
idiom for
the debug functions.
|
|
(unlikely) failure path remains noisy.
discussed with claudio
|
|
similarities between the two and using a common approach helps fixing bugs.
The new driver is better integrated with the device tree framework and
is faster (mainly because the DMA engine is configured properly now).
Tested on all currently supported variants of the hardware.
ok jsg@, jmatthew@
|
|
arm64 to reduce the diff between the platforms.
ok kettenis@
|
|
ok patrick@
|
|
- support mx: notation
diff from Quentin Rameau <quinq@fifth.space>
|
|
try to compute it using Hasse's bound. This works as long as the
cofactor is small enough.
Port of Brumley's fix for CVE-2019-1547 in OpenSSL 1.1.1 (old license)
tests & ok inoguchi
input & ok jsing
commit 30c22fa8b1d840036b8e203585738df62a03cec8
Author: Billy Brumley <bbrumley@gmail.com>
Date: Thu Sep 5 21:25:37 2019 +0300
[crypto/ec] for ECC parameters with NULL or zero cofactor, compute it
The cofactor argument to EC_GROUP_set_generator is optional, and SCA
mitigations for ECC currently use it. So the library currently falls
back to very old SCA-vulnerable code if the cofactor is not present.
This PR allows EC_GROUP_set_generator to compute the cofactor for all
curves of cryptographic interest. Steering scalar multiplication to more
SCA-robust code.
This issue affects persisted private keys in explicit parameter form,
where the (optional) cofactor field is zero or absent.
It also affects curves not built-in to the library, but constructed
programmatically with explicit parameters, then calling
EC_GROUP_set_generator with a nonsensical value (NULL, zero).
The very old scalar multiplication code is known to be vulnerable to
local uarch attacks, outside of the OpenSSL threat model. New results
suggest the code path is also vulnerable to traditional wall clock
timing attacks.
CVE-2019-1547
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/9781)
|
|
only have MTA in the loop, some implementations like Dovecot's LMTP dislike
finding '/' in an e-mail address. Since checksum is meant to be verified at
the MX that generated the SRS encoding, use alternate rfc354 base64 encode,
swapping '/' with '_' and '+' with '-'.
ok eric@ millert@
|
|
No objection from kettenis@
|
|
Change of behaviour in latest clang upgrade noticed by jsing@ during
the Go port update, where --print-libgcc-file-name is being used which
prints the compiler-rt path.
ok kettenis@
|
|
drivers is gross. discussed with visa.
|
|
X11R6).
Suggested by tb@
ok deraadt@ tb@ millert@
|
|
shorter. This subtly reduces the impact of truncation effects, as the
truncation is less likely, and if it exists it may be detected
directly by the system call with a proper error check. (this strange
justification is sadly valid in a world where people moan oh so loudly
about truncation but then don't audit and fix all instances)
ok kettenis
|
|
in simple terms (mostly as a yardstick for others to be measured against):
Entropy data stored previously is provided to the kernel during the boot
sequence and used as inner-state of a stream cipher. High quality data
is available immediately upon kernel startup. System activity (such as
disk, network, and clock device interrupts), and hardware random
generator output is collected, whitened with a crc and hash, then
periodically folded together with stream cipher inner-state and outer-
state to create a new inner state. Reads from all consumers (including
the kernel itself, which makes many requests per second) are sliced from
the same output stream, which carves the stream cipher output
unpredictably and helps improve forward and backtracking protection
beyond the strength of the stream cipher.
some discussion with djm. There may be more updates.
|
|
2) say that the data comes from the random(4) subsystem, so that curious
people can go read up on how this works
|
|
it use sysarch().
From Josh Elsasser
ok kettenis@
|
|
fix issue reported by Mikolaj Kucharski.
ok martijn@ deraadt@
|
|
problem raised with librsvg which uses libtool-rust, and our libtool just dies if
deplib_list is undef.
tested in bulk by sthen@ and naddy@
"modern" perl practice/syntax suggested by espie@
makes sense sthen@
ok espie@
|
|
guards. Spelunkers using grep are easily confused.
|
|
my screen.
i don't have a copy of this book, and a brief search online shows conflicting
punctuation, but i've chosen to replace the comma splice with a full stop,
which is at least grammatically correct, and seems the most likely solution.
whether this quote needs to be in two files escapes me...
|
|
because this required a comma, i added a comma to the first part, for balance...
|
|
|
more intuitive locations.
|
|
has a lower priority than wifi or wired LAN and so should only be used when
no other interface is available. With this using umb(4) becomes less painful.
Now ifconfig umb0 up will be enough especially if unwind(8) is used to handle
DNS requests.
OK deraadt@ job@ benno@
|
|
function and up higher in the call stack. While there also make sure that
flushing announced networks does the pftable dance. This is now also using
prefix_withdraw like most other code. Reshuffle rde_update_dispatch() a bit
so that all returns are before the first update or withdraw call. After that
the code always exits via the end of the function where the commit happens.
OK benno@
|
|
8.8.8.8. Additionally add 'or-longer' as an alias for 'all'.
OK job@ sthen@
|
|
match all prefixes that have a shorter prefixlen than the one in the request.
It will print all routes which cover the specified prefix.
OK job@ sthen@
|
|
parse_config(). The first is not called on startup which results in bgpd
using 0.0.0.0 as cluster-id.
Found and fix provided by Rivo Nurges (Rivo dot Nurges at smit dot ee)
Thanks and OK claudio@
|
|
confuse tools on some platforms. Re-enable the 3des-cbc test.
|
|
stable result when idle and under some load.
Tested by abieber@ on a R7 PRO 2700U, also by me on a R5 2500U MateBook D,
and a R7 2700X desktop.
Discussed with @nte@bsd.network.
OK abieber@
|
|
that is not in the store. Put this particular error under verbose logging.
Agreed by deraadt@, job@
|
|
This currently supports Family 17h Zen/Zen+/Zen2 CPUs. There are still
some issues with the scaler on certain models that can be fixed later.
AMD Ryzen 2700X:
hw.sensors.ksmn0.temp0=47.50 degC
Tested by several people.
"Make a move" deraadt@