| Age | Commit message (Collapse) | Author |
|---|
|
As per usual. Stylistic adjustments and missing error check.
ok jsing
|
|
This aligns eckey's parameter decoding routine with the one of other
cipher abstractions: better variable names, single exit and add missing
check for EVP_PKEY_assign_EC_KEY().
ok jsing
|
|
Factor out the pubkey computation and bring it into more sensible form.
This removes lots of pointless setting of errors (twice) and makes the
code a bit easier on the eyes. Other than that perform some stylistic
cleanup like single exit and add an error check for EVP_PKEY_assign().
ok jsing
|
|
|
|
We end up here only if mft1 == NULL, which can happen because file1 == NULL.
Use file2 instead because mft2 != NULL implies file2 != NULL.
ok job
|
|
|
|
This is a bandaid, the proc_parser_mft() is too complex and needs reworking
OK tb@
|
|
Improves performance on my 8 cores box. ok cheloha@ kettenis@
|
|
The TLSv1.3 stack didn't support this in the first place, and in the legacy
stack it only added some dubious BIO_flush(3) calls. The sleep call between
SSL_read(3) and SSL_write(3) advertised in the comment next to the flag has
been a sleep call in the s_server since time immemorial, nota bene between
calls to BIO_gets(3). Anyway. This can all go and what remains will go with
the next major bump.
ok jsing
|
|
This undocumented, incomplete public function has never done anything
useful. It will be removed from libssl. Removing it from openssl(1)
clears the way for this.
ok jsing
|
|
ok jsing
|
|
If it is not set it will use the current rtable. It will not force every
login to the default (0) rtable. For that rtable should be set to 0.
OK schwarze@ a long time ago
|
|
Right now only sys/queue.h is required to be included for imsg.h. The
only exception is if imsg_composev() is used, then sys/uio.h is needed
to access struct iovec.
OK tb@
|
|
Create and use the MP safe version of the interface counters for
lo(4). Input packets were counted twice. As interface input queue
is already counting, remove input count in if_input_local().
Multicast and siplex packets are counted at the ethernet interface.
Add a comment that this not MP safe.
OK mvs@
|
|
Most of these functions are only called from this file internally apart
from the pem_str lookups from pem/. In the next major bump we can then
remove asn/ameth_lib.c. Also move EVP_PKEY_ASN1_METHOD to evp_local.h.
While this is used to dispatch to various ASN.1 decoding routines, it
doesn't fit into asn1/ at all.
|
|
|
|
|
|
Also add a reminder to remove most of the public API in this file.
|
|
ago, but some code in drmopen() remained which means that opening a drm
device node with a minor that matches the range for the "control" nodes
will hit a kernel assertion. A similar issue exists for "render" nodes
corresponding to a driver that only supports KMS (such as rkdrm(4)).
Add checks to see if the minor is valid and return ENXIO if that isn't the
case to prevent a kernel crash.
ok jsg@, miod@
|
|
This way all the EVP_MD accessors are in the order of the struct fields.
Well, arguably the EVP_MD_meth* should come first, but they are scheduled
to go meet the dodo.
|
|
This way the accessors are sorted the same way as the struct.
|
|
This way the file has EVP_Digest*, then EVP_MD_CTX new/free/clean,
then ctrl then the EVP_MD_CTX accessors, then the EVP_MD accessors
and finally the EVP_MD_meth stuff and the order of things starts
making a wee bit of sense.
|
|
This way new/free aka create/destroy are next to each other. reset/cleanup
are the same thing and init will join the club after some other fixing
because two APIs that do the exact same thing aren't enough.
|
|
|
|
|
|
|
|
These are ~200 lines of EVP_MD API that separated two parts of the file
dedicated to EVP_CIPHER thingies.
|
|
EVP_Digest{Init,Update,Final}() move from digest.c to evp_digest.c which
will become the home of all things related to EVP_MD{,_CTX} handling.
EVP_Cipher{Init,Update,Final}() move from evp_enc.c to evp_cipher.c which
will become the home of all things related to EVP_CIPHER{,_CTX} handling.
EVP_Encode{Init,Update,Final}() move from encode.c to evp_encode.c which
already is the home of EVP_ENCODE_CTX_{new,free}().
discussed with jsing
|
|
This way we don't need to cast from BY_DIR * to char * and back in
its only consumer, the lovely by_dir.
|
|
|
|
|
|
help, pointers and OK bluhm@
|
|
This is basically the same as the dh and dsa version, except it's
different because it's EC. Single exit, uniform error checking.
"Plug" another leak.
With this I earned another shining turd for my collection.
ok jsing
|
|
Another copy-paste-then-tweak-and-diverge version of the same old thing.
Fix it the same way as pkey_rsa_paramgen() and pkey_dh_paramgen(). The
callbacks are initialized at the top and the weird error checking is
turned into something much simpler.
ok jsing
|
|
Similar to pkey_rsa_paramgen() this function does some strange dances
with the pkey_gencb and initialization plus missing error checks. Fix
all that and use the idiom established in previous commits.
ok jsing
|
|
The EC code came later, and people got better at writing terrible code.
In this case, they could remain quite close to what they copy-pasted
from DH, so it was relatively straightforward (for once). There's only
one slight extra twist and that's easily dealt with.
ok jsing
|
|
Very similar to pkey_dh_keygen(): single exit and hold on to an extra
reference by calling EVP_PKEY_set1_DSA() instead of assigning the DSA
to the pkey. "Fixes" another leak that Coverity missed.
ok jsing
|
|
Single exit, fix error checking and hold on to the DH by keeping a
reference. In other words, switch from EVP_PKEY_assign() to using
EVP_PKEY_set1_DH() and free unconditionally in the error path.
ok jsing
|
|
The usual: single exit, error check all functions even if they can't
actually fail. This one was flagged again.
ok jsing
CID 471706 (false positive)
|
|
As usual, make the function single exit. Initialize the pkey callback
pointer and the BN_GENCB on the stack at the top rather than relying
on the weird trans_cb() in evp_pkey_set_cb_translate() to do so.
Greatly simplify the control flow and add missing error checks.
ok jsing
|
|
Turn the function into single exit and error check EVP_PKEY_assign()
for style.
ok jsing
|
|
Again change this function into the single exit idiom, and error check
EVP_PKEY_assign().
ok jsing
|
|
A void pointer can be passed without any cast or assigning it to an
intermediate variable. That's one of hte puzzling things in old OpenSSL
code: there are plenty of unnecessary casts and assignments of void
pointers.
Make use of this fact and rework the function to be single exit, error
check consistently, including the EVP_PKEY_assign() call that can't
really fail and free the cmkey on exit.
Why coverity didn't flag this one is another mystery.
ok jsing
|
|
Calling EVP_KEY_assign_GOST(pkey, NULL) has the same effect as calling
EVP_PKEY_set_type(pkey, EVP_PKEY_GOSTR01). The only difference is that
the latter form allows for error checking while the former won't let
you do that. Add comments explaining what we're actually doing: freeing
and zeroing the pkey->pkey union.
ok jsing
|
|
Again this can't actually fail, but if it did, things would leak.
Call GOST_KEY_free() in the error path.
ok jsing
CID 471706 (false positive)
|
|
Make this function single exit, check and assign and finally error
check EVP_PKEY_assign(). This can't actually fail currently, but
if it did, things would leak. Free the key data with freezero.
ok jsing
CID 471704 (false positive)
|
|
okay tb@
(logic NOT simplified because I don't want to risk introducing bugs,
and the compiler knows as much boolean logic as me)
|
|
This driver is not working yet. Scanning almost works but a lot more
work remains to be done. So far most of the porting work was done by
myself, with some help from mpi, patrick, and kettenis.
Obviously this driver remains disabled for now. Enable relevant lines
in the kernel config if you want to help out with development.
At present firmware files must be obtained manually and placed
in the directory /etc/firmware/qwx/WCN6855/hw2.1/
This will be improved later.
Thanks to the OpenBSD Foundation for supporting this effort.
|
|
OK bluhm@
|
|
dwqe(4) interfaces may trigger the "dwqe_watchdog" function and stop
transmitting packets under heavy Tx load. In this situation, ifconfig(8)
will permanently show OACTIVE until the interface is restarted (ifconfig
down/up).
The problem seems to be triggered by writing to the Tx ring tail pointer
register multiple times during dwqe_start(). Updating the Tx ring tail
pointer only after all Tx descriptors have been updated seems to fix it.
The fix is based on the eqos(4) driver in NetBSD. Verified on an Intel
Elkhart Lake machine but might affect other platforms with DesignWare
Ethernet Quality-of-Service Controller version 4.
Testing by bluhm@, ok kettenis@
|
