| Age | Commit message (Collapse) | Author |
|---|
|
To unlock kbind(2) we need to protect ps_kbind_addr and
ps_kbind_cookie.
The simplest way to do this is to disallow kbind(2) initialization
after the first __tfork(2) call. If the first thread does not
initialize the kbind(2) variables before __tfork(2) then we disable
kbind(2) during that first __tfork(2) call.
This is guenther@'s patch, I'm just committing it.
Discussed with guenther@, deraadt@, kettenis@, and mpi@.
ok kettenis@, positive response from mpi@, "I am busy" guenther@
|
|
only differ by srcid.
|
|
this code was slicing up large mallocs with sys/param.h ALIGN(). such a
scheme loses the many overflow/damage checking benefits of malloc per object.
Change the code to track independent allocations, rather than slicing.
ok gnezdo claudio
|
|
|
|
|
|
ok anton@
|
|
ok tb@
|
|
|
|
It makes no sense to allocate an entire BN_CTX if we only use it to
get a single BIGNUM, from which we subtract 1 to compare it to g.
We can just use a plain BIGNUM and delete a bunch of lines.
ok inoguchi jsing
|
|
This provides test coverage for SCT encoding/decoding.
|
|
ok markus@
|
|
ok claudio@
|
|
Sending routing messages requires a socket lock which may sleep.
ieee80211_set_link_state() is called from interrupts and timeouts where
sleeping is not allowed. mvs@ pointed out that if_link_state_change()
is already using a task for this reason.
Should fix a witness-related panic reported by cheloha@
ok mvs@ tobhe@ florian@
|
|
|
|
Guests running on Intel hosts that sleep on a lock might have their
process moved to another cpu core by the scheduler. If this happens,
the VMCS needs to be remotely cleared and locally loaded otherwise
vmx instructions will fail. vmd(8) will receive a failure code and
abort the guest.
This change stores the current (last) cpu the process was on before
attempting a function call that may sleep (e.g. uvm_fault(9)). Upon
function return, perform the VMCS dance if needed.
Tested with help from Mischa Pieters.
OK mlarkin@
|
|
|
|
conflicts in my work on making much of libcrypto opaque.
discussed with jsing
|
|
ok inoguchi jsing
|
|
|
|
ok inoguchi jsing
|
|
bus_dmamap_load_raw(9). This fixes xhci(4) on the rpi4 with the
U-Boot from ports that is installed on the arm64 installation media.
ok mglocker@, patrick@
|
|
ok inoguchi jsing
|
|
ok inoguchi jsing
|
|
BN_abs_is_word, BN_is_{zero,one,word,odd}, BN_one, BN_zero_ex are
now implemented as functions for internal use. They will be exposed
publicly to replace the macros reaching into BIGNUM in the next bump.
ok inoguchi jsing
|
|
ok inoguchi jsing
|
|
The function implementations are necessary to make BIGNUM opaque.
They will be used in libcrypto internally until they will replace
the macro implementations with the next bump.
ok inoguchi jsing
|
|
Currently there are two files for private key ASN.1 (d2i_pr.c, i2d_pr.c)
and two files for public key ASN.1 (d2i_pu.c, i2d_pu.c). All of the other
ASN.1 code has d2i and i2d in the same per-object file.
Consolidate d2i_pr.c/i2d_pr.c into a_pkey.c and consolidate
d2i_pu.c/i2d_pu.c into a_pubkey.c before making any further changes to
this code.
ok tb@
|
|
Provide ssl_kex_generate_dhe_params_auto() which handles DHE key generation
based on parameters determined by the specified key bits. Convert the
existing DHE auto parameter selection code into a function that just tells
us how many key bits to use.
Untangle and rework the server side DHE key exchange to use the ssl_kex_*
functions.
ok inoguchi@ tb@
|
|
ok inoguchi@ tb@
|
|
Call DH_check_pub_key() after decoding the peer public key - this will be
needed for the server DHE key exchange, but also benefits the client.
ok inoguchi@ tb@
|
|
the responder to match the correct policy if multiple are available.
ok patrick@
|
|
Reported by Ilya Shipitsine, discussed with jsing
|
|
|
|
|
|
adjust list width to make it all fit
|
|
|
|
ok bluhm@
|
|
other. Since this generates a full mesh, the amount of filedescriptors
needed grows quadratically with the amount of configured prefork
processes.
Might fix an out of filedescriptor bug that beck is seeing.
OK benno
|
|
|
|
|
|
ok kettenis@
|
|
ok kettenis@
|
|
- support axppmic via iic
ok kettenis@
|
|
pfkey_flush().
ok bluhm@ mvs@
|
|
ok patrick@
|
|
Call the replacement asn1_tlc_invalidate() since it does not actually
clear the ASN1_TLC.
While here, name the ASN1_TLC variables consistently as ctx, remove a
pointless comment and simplify ASN1_item_d2i() slightly.
ok inoguchi@ tb@
|
|
|
|
ASN1_item_ex_d2i() is just a wrapper around the internal asn1_item_ex_d2i()
function, so call asn1_item_ex_d2i() directly.
ok inoguchi@ tb@
|
|
pointer is passed to the function, it will return a refcounted TDB.
The ref happens when ipsp_spd_inp() copies the pointer from
ipo->ipo_tdb. The caller of ipsp_spd_lookup() has to unref after
using it.
tested by Hrvoje Popovski; OK mvs@ tobhe@
|
|
Rather than using malloc() and then initialising all struct members to zero
values, use calloc().
ok schwarze@ tb@
|
