| Age | Commit message (Collapse) | Author |
|---|
|
already listed in SYNOPSIS;
while here, rework the ifconfig sentence into something simpler, tweaked
by jsg to mention the "media" keyword;
ok jsg
|
|
|
|
From Stylon Wang
118ad80d27d938868299ef184f7483b21f011f0b in linux-6.1.y/6.1.15
0cf8307adbc6beb5ff3b8a76afedc6e4e0b536a9 in mainline linux
|
|
From Stylon Wang
075e2099c32cf4486b27266d2aecf61e95499ea4 in linux-6.1.y/6.1.15
ead08b95fa50f40618c72b93a849c4ae30c9cd50 in mainline linux
|
|
From Nicholas Kazlauskas
4da108082a3290804ebbd42d70ce8535c00e4637 in linux-6.1.y/6.1.15
e383b12709e32d6494c948422070c2464b637e44 in mainline linux
|
|
instead of getting it from p_ps. The old approach does not work anymore
after the recent fork + exec update.
ok patrick@
|
|
from guenther@
|
|
This was presumably intended to be OPENSSL_NO_EC_NISTP_64_GCC_128, however
generic code has ended up inside the ifdef (and none of the NISTP code
or prototypes now remain).
|
|
ok miod@
|
|
This code has been deleted, however the prototypes managed to hang around.
|
|
|
|
ok kettenis@ jmatthew@
|
|
These are per-app, so per-file. Most of them already are static, adjust
the rest of them.
|
|
|
|
|
|
|
|
|
|
by LANG or LC_ALL are displayed between double quotes.
wording by guenther@
ok kn@ jmc@
|
|
related registers on all supported SoCs. Makes rktemp(4) work on
RK356x with U-Boot.
ok jmatthew@
|
|
If multiple -Ocheckpoint= options are passed, the earlier ones would
be overwritten and leaked. If we use an input file that wasn't stdin,
close that. From Coverity CIDs 291884 and 291894.
|
|
From Coverity CID 291894.
|
|
of the really old compatibility code, and with it went the need to
include compat.h in most of the files that have it.
|
|
This fixes the IPL calculations in mpic_calc_mask() in the presence
of IPL_MPSAFE interrupts such as mvneta(4).
ok patrick@ kettenis@ dlg@
|
|
|
|
|
|
starting to edit an unused GPT partition.
|
|
than advertised in the RK3568. This value is present in the Linux
driver and implies the new register layout. So handle both values.
This makes GPIOs on the RK3566 actually work.
ok patrick@
|
|
muxings. Implement support for this.
ok patrick@
|
|
|
|
|
|
Fix year on my copyright.
|
|
|
|
ok deraadt@
|
|
ok deraadt@
|
|
each process a fresh and unique address space to further improve randomization
of ASLR and stack protector.
ok bluhm@ patrick@
|
|
Do not display such ciphers in the usage display and error out if
they are given. As pointed out by Pauli Dale, the current situation
is confusing.
Fixes GH issues #786 and #819
ok jsing
|
|
We have long had expensive checks for DSA domain parameters in
old_dsa_priv_decode(). These were implemented in a more complicated
way than necesary.
ok beck jsing
|
|
This makes sure that the elliptic curve is not completely stupid.
This is conservative enough: the smallest named groups that we support
have an order of 112 bits.
ok beck jsing
|
|
ECDSA is essentially the same thing as DSA, except that it is slightly
less stupid. Signing specifies an infinite loop, which is only possible
with arbitrary ECDSA domain parameters. Fortunately, most use of ECDSA
in the wild is based on well-known groups, so it is known a priori that
the loop is not infinite. Still, infinite loops are bad. A retry is
unlikely, 32 retries have a probability of ~2^-8000. So it's pretty
safe to error out.
ok beck jsing
|
|
The DSA standard specifies an infinite loop: if either r or s is zero
in the signature calculation, a new random number k shall be generated
and the whole thing is to be redone. The rationale is that, as the
standard puts it, "[i]t is extremely unlikely that r = 0 or s = 0 if
signatures are generated properly."
The problem is... There is no cheap way to know that the DSA domain
parameters we are handed are actually DSA domain parameters, so even
if all our calculations are carefully done to do all the checks needed,
we cannot know if we generate the signatures properly. For this we would
need to do two primality checks as well as various congruences and
divisibility properties. Doing this easily leads to DoS, so nobody does
it.
Unfortunately, it is relatively easy to generate parameters that pass
all sorts of sanity checks and will always compute s = 0 since g
is nilpotent. Thus, as unlikely as it is, if we are in the mathematical
model, in practice it is very possible to ensure that s = 0.
Read David Benjamin's glorious commit message for more information
https://boringssl-review.googlesource.com/c/boringssl/+/57228
Thanks to Guido Vranken for reporting this issue, also thanks to
Hanno Boeck who apparently found and reported similar problems earlier.
ok beck jsing
|
|
No intentional functional change.
|
|
Explicitly check against NULL and turn early return into goto err.
ok beck jsing
|
|
We already had some checks on both sides, but they were less precise
and differed between the functions. The code here is messy enough, so
any simplification is helpful...
ok beck jsing
|
|
When decoding a public or a private key, use dsa_check_key() to ensure
consistency of the DSA parameters. We do not always have sufficient
information to do that, so this is not always possible.
This adds new checks and replaces incomplete existing ones. On decoding
the private key we will now only calculate the corresponding public key,
if the sizes are sensible. This avoids potentially expensive operations.
ok beck jsing
|
|
This is a cheap check that ensures basid parameter consistency per
FIPS 186-4: 1 < g < q, that q has the allowed bit sizes 160, 224, 256
and that p is neither too small nor too large. Unfortunately, enforcing
the three allowed sizes for p is not possible since the default dsa key
generation has not respected this limitation.
Instead of checking that p and q are prime, we only check that they
are odd. Check that public and private keys, if set, are in the proper
range. In particular, disallow zero values.
Various versions of these checks have been added to the dsa code
over time. This consolidates and extends them and in a subsequent
commit wewill replace the incomplete checks. BoringSSL has a similar
function of the same name, thanks to David Benjamin for pointing it
out.
ok beck jsing
|
|
This has been missing for a while already and will be used in a
few upcoming commits.
ok beck jsing
|
|
|
|
This is `unifdef -m -DOPENSSL_NO_EC_NISTP_64_GCC_128 -UECP_NISTZ256_ASM`
and some manual tidy up.
|
|
|
|
by function return values is not fiddled with.
No intentional functional change.
|
