| Age | Commit message (Collapse) | Author |
|---|
|
|
|
Requested by deraadt@
|
|
use for DHE. This enables the use of DHE cipher suites.
Rename tls_config_set_ecdhcurve() to tls_config_set_ecdhecurve() since it
is only used to specify the curve for ephemeral ECDH.
Discussed with reyk@
|
|
Tag 31 is invalid for a short form identifier octet (single byte).
KNF a little more.
Based on BoringSSL commit 5ba305643f55d37a3e45e8388a36d50c1b2d4ff5
ok miod@
|
|
ok beck@ deraadt@ miod@
|
|
ok henning
|
|
|
|
ssl3_get_cipher_by_value() in other parts of the code where it simplifies
things.
ok doug@
|
|
that are only used in this file.
tedu argues if something sucks we would fault before we can get to
these, and they dont do anything except maths. these symbols dont
need to be visible to ddb.
originally from Fritjof Bornebusch
suggested by and ok tedu@
|
|
ok tedu@
|
|
other ports do.
|
|
CBB_init_fixed() should not call free because it can lead to use after
free or double free bugs. The caller should be responsible for
creating and destroying the buffer.
From BoringSSL commit a84f06fc1eee6ea25ce040675fbad72c532afece
miod agrees with the reasoning
ok jsing@, beck@
|
|
failures return something that is actually useful to the caller.
ok reyk@
|
|
|
|
retrieved via its cipher suite value. A corresponding SSL_CIPHER_by_value()
function returns the cipher suite value for a given SSL_CIPHER. These
functions should mean that software does not need to resort to
put_cipher_by_char()/get_cipher_by_char() in order to locate a cipher.
Begrudgingly also provide a SSL_CIPHER_get_by_id() function that locates a
cipher via the internal cipher identifier. Unfortunately these have already
been leaked outside the library via SSL_CIPHER_by_id() and the various
SSL3_CK_* and TLS1_CK_* defines in the ssl3.h/tls1.h headers.
ok beck@ miod@
|
|
HP-UX defines BSIZE in its <sys/param.h>, and there is a route where its
getting included as a side-effect. I tracked back to at least from HP-UX 9.0
ca. 1993, up to the latest, so the user namespace is polluted.
from kinichiro <kinichiro.inoguchi@gmail.com>
ok miod@, jsing@
|
|
ARP information is of a different kind.
ok sthen@, claudio@
|
|
|
|
|
|
|
|
|
|
appearance of 509 in a symbol name tell you what letter to guess first.
|
|
The first two are unused in libssl/libcrypto and OPENSSL_NO_RC5 is already
defined via openssl/opensslfeatures.h.
ok beck@ doug@ miod@
|
|
this split across files, especially when two of them have less code than
license text.
ok bcook@ beck@ doug@ miod@
|
|
|
|
|
|
|
|
ok mpi@ claudio@ henning@ and more at s2k15
|
|
entropy after resuming.
Tested on i386 and amd64.
ok deraadt@
|
|
|
|
this lets you run a filter function against each mbuf on a list or
queue. if the filter matches on an mbuf, it can return non-zero to
have ml_filter or mq_filter remove the mbuf and return it as part
of a chain of mbufs.
ok mpi@ claudio@ henning@ and s2k15 generally.
|
|
ok tedu miod
|
|
constructing imsgs.
ok reyk@
|
|
CBS_get_asn1() and CBS_get_any_asn1_element() only support the single
byte ASN.1 identifier octets (aka short form tags). Tag number 31 is
the start of the multi-byte long form per X.690 section 8.1.2.4.
From BoringSSL commit 2683af70e73f116e14db2bca6290fa4a010a2ee4
ok miod@
|
|
hardware behaviour on Thinkpads making it harder for software state and
hardware state get out of sync.
ok deraadt@
|
|
ok tedu@, guenther@, miod@
|
|
messages don't remain and pollute the line
|
|
which case its symbols will be used.
Which means that `hangman -k' is equivalent to `hangman -d /bsd' now.
ok beck@ tedu@
|
|
OK florian@
|
|
boot.
ok mlarkin
|
|
kdump includes all headers with ioctls and the v4l videoio.h
already defines these. Found the hard way by deraadt.
The types will be patched out of future libdrm updates.
|
|
are not necessary because the caller already ensures these. the tail
section for handing mlock can be shared as well.
ok beck guenther
|
|
ok miod
|
|
smaller-than-a-logical-page allocations, while logical page size and larger
are passed to uvm.
So in the worst case, the kernel will end up needing about 20 vax pages out
of it: 1 for non-console serial chips, up to 2 per Ethernet controller,
1 per SCSI controller, up to 3 for the clock or SSC chip, 1 for the cpmbox,
up to 3 for model-specific mappings (VS_REGS, KA650 stuff), 1 for the leds,
and up to 3 for frame buffer registers.
Thus shrinking from 128 pages to 32 is still large enough.
|
|
rather than hardcoded values.
|
|
|
|
legitimately use random section variables without execve failures...
Because this section is not demand faulted, yield() every page during
the fill otherwise the costs are charged poorly.
ok tedu matthew
|
|
ok deraadt
|
|
support 802.11b. Extended from a diff by dlg, stsp agrees.
|
|
|
