summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2022-01-05Prepare to provide X509_{set,get}_verify() and X509_STORE_get_verify_cb()Theo Buehler
as well as the X509_STORE_CTX_verify_cb and X509_STORE_CTX_verify_fn types This will fix the X509_STORE_set_verify_func macro which is currently broken, as pointed out by schwarze. ok inoguchi jsing
2022-01-05Use "bus-range" property to initialize the bus number configuration ofMark Kettenis
the bridge when present on FDT platforms. Needed on platforms like the Apple M1 to make sure the PCI bus numbers match the IOMMU setup required by the device tree. ok patrick@
2022-01-05increase lifetime of wtmp, since it is annoyingly shortTheo de Raadt
discussed with millert
2022-01-05Unindent a few lines of code and avoid shadowed variables.Theo Buehler
2022-01-05Rename {c,p}_{min,max} into {child,parent}_{min,max}Theo Buehler
2022-01-05Remove kbind(2)'s restriction that a target buffer not cross pagePhilip Guenther
boundaries: hppa has 8-byte PLT entries that sometimes do that. ok kettenis@
2022-01-05Two minor KNF tweaksTheo Buehler
2022-01-05Use child_aor and parent_aor instead of aorc and aorpTheo Buehler
suggested by jsing
2022-01-05Rename fp and fc into parent_af and child_af for readability.Theo Buehler
suggested by jsing
2022-01-05Globally rename all IPAddressFamily *f into af since this is slightlyTheo Buehler
more readable. Repeated complaints by jsing
2022-01-05Add a helper function to turn unchecked (but sound) use ofTheo Buehler
sk_find + sk_value into something easier to follow and swallow. ok inoguchi jsing
2022-01-05Hoist IPAddressFamily_cmp() to the other IPAddressFamily functions.Theo Buehler
ok inoguchi jsing
2022-01-05Call x a cert for readability.Theo Buehler
2022-01-05Now that i is free, rename j to i for use as loop variable inTheo Buehler
various loops in addr_validate_path_internal().
2022-01-05adjust Xr for fw_update to section 8;Jason McIntyre
ok afresh sthen deraadt
2022-01-05In addr_validate_path_internal() rename i to depth because that'sTheo Buehler
what it is.
2022-01-05Turn the validation_err() macro into a functionTheo Buehler
validation_err() is an ugly macro with side effects and a goto in it. At the cost of a few lines of code we can turn this into a function where the side effects are explicit and ret is now explicitly set in the main body of addr_validate_path_internal(). We get to a point where it is halfway possible to reason about the convoluted control flow in this function. ok inoguchi jsing
2022-01-05Move variable declarations in X509v3_addr_canonize() to the top ofTheo Buehler
the function and unindent some code. ok inoguchi jsing
2022-01-05Revise for tls13_key_share rename.Joel Sing
2022-01-05Rename tls13_key_share to tls_key_share.Joel Sing
In preparation to use the key share code in both the TLSv1.3 and legacy stacks, rename tls13_key_share to tls_key_share, moving it into the shared handshake struct. Further changes will then allow the legacy stack to make use of the same code for ephemeral key exchange. ok inoguchi@ tb@
2022-01-05Remove unused function arguments in iwm/iwx interrupt handlers.Stefan Sperling
pointed out by + ok millert@
2022-01-05Switch snmpd(8) to using EVP_Digest{Init,Final}_ex() and drop a noTheo Buehler
longer needed EVP_MD_CTX_reset(). ok martijn
2022-01-05syncTheo de Raadt
2022-01-05Compensate for i386 pcitag_t unionTheo de Raadt
ok jsg kettenis
2022-01-05Add error checking for EVP_Digest* to snmpd(8).Theo Buehler
ok martijn
2022-01-05Add error checking for EVP_Digest*() to snmp(1).Theo Buehler
ok martijn
2022-01-05Use new shell-based fw_update(8)Theo de Raadt
with afresh1
2022-01-05In iwx(4), fix wrong pointer assignment in iwx_bar_frame_release().Stefan Sperling
This bug caused the driver to read block ack request information sent by firmware from the wrong offset. The driver flushes buffered frames and moves its Rx block ack window based on this information. Possible consequences of this bug are packet loss or even stalled traffic if the Rx BA window gets out of sync between driver and firmware. Though this effect might get cancelled out when the driver re-syncs the BA window in its regular Rx code path. Spotted by Christian Ehrhardt.
2022-01-05Commit the correct version of fw_updateAndrew Fresh
Sigh.
2022-01-05Add the shell based fw_update and updated man pageAndrew Fresh
This allows installing firmware from the installer without having to wait to boot into a live system. commit deraadt@
2022-01-05We are moving back to a shell-script based fw_update, written in such aTheo de Raadt
way that the install script can also run it. This allows earlier retrieval of downloaded firmwares, based upon patterns found in dmesg. many iterations of this in snaps for about a month.
2022-01-05formatting nit, noticed by jmc@, thx!Marc Espie
2022-01-05Wrap long lines and add some bracesKinichiro Inoguchi
2022-01-05Use LC_CTYPE instead of LC_ALL.Martijn van Duren
Makes regress pass when LC_CTYPE is set. Found by and OK tb@
2022-01-05Check function return valueKinichiro Inoguchi
2022-01-05Checking pointer variable with NULLKinichiro Inoguchi
2022-01-05Switch proc_parser_root_cert() to not pass the entity but instead theClaudio Jeker
file, pkey and tal id. This is the last proc_parser function that needed to be converted. OK job@
2022-01-05dhcpd: straightforward conversion to HMAC_CTX on the heap, similarTheo Buehler
to what was done in spamd a while back. ok florian
2022-01-05snmpd: Straightforward conversion to EVP_* on the heap.Theo Buehler
It would be nice if someone added error checking for the EVP_Digest* calls. tested by & ok martijn
2022-01-05Straightforward conversion to EVP_* on the heap.Theo Buehler
ok martijn
2022-01-05Use calloc instead of mallocKinichiro Inoguchi
suggested by tb@
2022-01-05Check NULL first and unindent the rest of the codeKinichiro Inoguchi
suggested by tb@
2022-01-05Convert openssl(1) cms option handlingKinichiro Inoguchi
Just applying new option handling and no functional changes. Referred to verify.c and using 'verify_shared_options'. ok and comments from jsing@ and tb@
2022-01-05Provide regress for SSL public APIs.Joel Sing
This will largely test curly and inconsistent APIs that are not covered by other regress tests. Currently, this tests the wonder that is SSL_get_peer_cert_chain().
2022-01-05document -mMarc Espie
2022-01-05select all RSA hostkey algorithms for UpdateHostkeys tests, not justDamien Miller
RSA-SHA1
2022-01-05Remove bandaid to work around expected range_should_be_prefix() problem.Theo Buehler
2022-01-05Remove a bogus memcmp in range_should_be_prefix()Theo Buehler
range_should_be_prefix() currently always fails. The reason for this is that OpenSSL commit 42d7d7dd incorrectly moved a memcmp() out of an assertion. As a consequence, the library emits and accepts incorrectly encoded ipAddrBlock extensions since it will never detect ranges that MUST be encoded as a prefix according to RFC 3779, 2.2.3.7. The return -1 from this memcmp() indicates to the callers that the range should be expressed as a range, so callers must check beforehand that min <= max to be able to fail. Thus, remove this memcmp() and add a check to make_addressRange(), the only caller that didn't already ensure that min <= max. This fixes the noisy output in regress/lib/libcrypto/x509/rfc3779. ok inoguchi jsing
2022-01-05Polish X509v3_addr_subset() a bitTheo Buehler
Use child and parent instead of a and b. Split unrelated checks. Use accessors and assign to local variables to avoid ugly line wrapping. Declare vriables up front instead of mixing declarations with assignments from function returns. ok inoguchi jsing
2022-01-05Readability tweaks in addr_contains()Theo Buehler
Assign to local variables to avoid ugly line wrapping. ok inoguchi jsing
generated by cgit v1.2.3 (git 2.25.1) at 2025-01-05 23:44:06 +0000