| Age | Commit message (Collapse) | Author |
|---|
|
trailing slash; feedback/ok markus and jsg
|
|
|
|
test to pass when built without OpenSSL.
|
|
* replace #include "archdep.h" with #includes of what is used, pulling in
"syscall.h", "util.h", and "archdep.h" as needed
* delete #include <sys/syscall.h> from syscall.h
* only pull in <sys/stat.h> to the three files that use _dl_fstat(),
forward declare struct stat in syscall.h for the others
* NBBY is for <sys/select.h> macros; just use '8' in dl_printf.c
* <machine/vmparam.h> is only needed on i386; conditionalize it
* stop using __LDPGSZ: use _MAX_PAGE_SHIFT (already used by malloc.c)
where necessary
* delete other bogus #includes, order legit per style: <sys/*> then
<*/*>, then <*>, then "*"
dir.c improvement from jsg@
ok and testing assistance deraadt@
|
|
|
|
BOOT kernels do not print kernel messages, and currently there is no
way to change this at runtime. Remove the verbose device information
to save some space.
|
|
|
|
Rework the tx path to use the consumer and producer positions to work out
the number of slots available, and to put packets on the ring until fewer
than DWXE_NTXSEGS slots are left, making dwxe_start() and dwxe_txeof()
work independently. While here, only write to DWXE_TX_CTL1 once
per call to dwxe_start() rather than once per packet.
Adjust the rx interrupt path to check the number of slots in use and
return slots once per interrupt.
Add interrupt and ifq barriers before taking the interface down.
With all of this done, we can mark dwxe(4) mpsafe.
tested on arm64 (a64 sopine) by mlarkin@ and armv7 (h2+) by me
ok dlg@
|
|
|
|
ok jsing
|
|
U-Boot to initialize the hardware for us, but it is better if we can cope
with this ourselves.
ok patrick@
|
|
|
|
leaked; ok florian@
|
|
Support for non-ephemeral DH was removed a long time ago - as such, the
dh_tmp and dh_tmp_cb are used for DHE parameters. Rename them to reflect
reality.
ok inoguchi@ tb@
|
|
interface. If this operation fails (probably due to missing firmware),
we must undo changes to the SIOCSIFXFLAGS xflags.
ok stsp.
|
|
Support for non-ephemeral DH was removed a very long time ago - the only
way that dh_tmp is set is via DHparams_dup(), hence the public and private
keys are always going to be NULL.
ok inoguchi@ tb@
|
|
This requires a few more additions to the DHE key share code - we need to
be able to either set the DHE parameters or specify the number of key bits
for use with auto DHE parameters. Additionally, we need to be able to
serialise the DHE parameters to send to the client.
This removes the infamous 'tmp' struct from ssl3_state_internal_st.
ok inoguchi@ tb@
|
|
thumb code calling arm code, no need to put these input sections at the text
output section.
ok jsg@ kettenis@
|
|
|
|
discussed with jsing
|
|
|
|
the more specific LC_CTYPE. Things are weird that way.
The problem here was that "eval" and "LC_ALL=" were swapped, not the
priority of variables.
pointed out by naddy@
OK tb@
|
|
where it will be needed in the upcoming bump.
discussed with jsing
|
|
that will need it in the upcoming bump.
discussed with jsing
|
|
|
|
including the local header where it will be needed.
discussed with jsing
|
|
it will be needed in the upcoming bump.
discussed with jsing
|
|
|
|
|
|
|
|
that will need it in the upcoming bump.
discussed with jsing
|
|
ok millert
|
|
In the upcoming libcrypto bump, EVP_MD_CTX will become opaque, so
all EVP_MD_CTX variables will need to be moved from the stack to
the heap. This is a mechanical conversion which also switches
from EVP_Digest{Init,Final}() to their _ex() versions as suggested
by millert.
We cannot do error checking since this code is structured in
several layers of void functions. This will have to be fixed
by someone else.
ok millert
|
|
pass in the already read hibernate_info instead of reading it again.
ok deraadt@
|
|
it's the 'b' slice and (sanity) check against the partition count.
Also, make the "is union hibernate_info too large?" a compile time
check.
ok deraadt@
|
|
|
|
|
|
|
|
|
|
|
|
It defaults to "no", and not explicitly setting it allows us to enable
it for the (optional) hostbased test.
|
|
configured (this is the default case); ok markus@
|
|
algorithms. RSA keys can make signatures with multiple algorithms,
so some special handling is required.
ok markus@
|
|
ok markus@
|
|
|
|
with new keys, ignore NULL keys (forgot to include in prior commit)
|
|
(useless) key type; ok markus
|
|
default for the keytype. Part of unbreaking hostbased auth for RSA/SHA2
keys. ok markus@
|
|
side. Require RSA/SHA2 signatures for RSA hostkeys except when
RSA/SHA1 was explicitly negotiated during initial KEX; bz3375
ok markus@
|
|
server side. The previous code tried to prefer RSA/SHA2 for hostkey
proofs of RSA keys, but missed some cases. This will use RSA/SHA2
signatures for RSA keys if the client proposed these algorithms in
initial KEX. bz3375
Mostly by Dmitry Belyavskiy with some tweaks by me.
ok markus@
|
