| Age | Commit message (Collapse) | Author |
|---|
|
the amount of modal verbs going on;
|
|
|
|
from Nicola Tuveri (who spotted the omission of ecp_nist.c from the PR).
discussed with jsing
tested by jsg
|
|
Currently ignores the a_waitfor argument and always invokes the file
system's fsync implementation synchronously.
ok mpi@
|
|
okay mestre@
|
|
breakage.
|
|
after the constant time commits various regress tests started failing
on sparc64 ssh t9, libcrypto ec ecdh ecdsa and trying to ssh out
resulted in 'invalid elliptic curve value'
ok tb@
|
|
OK millert@ deraadt@ and jmc@ who also gave me a cluebat stick
|
|
ok deraadt@
|
|
This brings unveil into the tree, disabled by default - Currently
this will return EPERM on all attempts to use it until we are
fully certain it is ready for people to start using, but this
now allows for others to do more tweaking and experimentation.
Still needs to send the unveil's across forks and execs before
fully enabling.
Many thanks to robert@ and deraadt@ for extensive testing.
ok deraadt@
|
|
be set in condition. This makes the constant time bit-twiddling a bit
trickier, but it's not too bad. Thanks to halex for an extensive rubber
ducking session over a non-spicy spicy tabouleh falafel..
ok jsing, kn
|
|
The introduction of hw.smt means that logical CPUs can be disabled
after boot and prior to suspend/resume. If hw.smt=0 (the default),
there needs to be a way to count the number of hardware threads
available on the system at any given time.
So, import HW_NCPUONLINE/hw.ncpuonline from NetBSD and document it.
hw.ncpu becomes equal to the number of CPUs given to sched_init_cpu()
during boot, while hw.ncpuonline is equal to the number of CPUs available
to the scheduler in the cpuset "sched_all_cpus". Set_SC_NPROCESSORS_ONLN
equal to this new sysctl and keep _SC_NPROCESSORS_CONF equal to hw.ncpu.
This is preferable to adding a new sysctl to count the number of
configured CPUs and keeping hw.ncpu equal to the number of online
CPUs because such a change would break software in the ecosystem
that relies on HW_NCPU/hw.ncpu to measure CPU usage and the like.
Such software in base includes top(1), systat(1), and snmpd(8),
and perhaps others.
We don't need additional locking to count the cardinality of a cpuset
in this case because the only interfaces that can modify said cardinality
are sysctl(2) and ioctl(2), both of which are under the KERNEL_LOCK.
Software using HW_NCPU/hw.ncpu to determine optimal parallism will need
to be updated to use HW_NCPUONLINE/hw.ncpuonline. Until then, such software
may perform suboptimally. However, most changes will be similar to the
change included here for libcxx's std::thread:hardware_concurrency():
using HW_NCPUONLINE in lieu of HW_NCPU should be sufficient for determining
optimal parallelism for most software if the change to _SC_NPROCESSORS_ONLN
is insufficient.
Prompted by deraadt. Discussed at length with kettenis, deraadt, and sthen.
Lots of patch tweaks from kettenis.
ok kettenis, "proceed" deraadt
|
|
Makes it a tad easier to read through and compare with BN_swap_ct().
OK tb
|
|
const promise when processing it in the regex engine.
Minor tweak and OK schwarze@
|
|
ok beck on earlier version, markup help from Schwarze.
|
|
|
|
|
|
the EC module.
From Billy Brumley and his team, via
https://github.com/libressl-portable/openbsd/pull/94
With tweaks from jsing and me.
ok jsing
|
|
two bignums. It's saner and substantially less ugly than the existing
public BN_constantime_swap() function and will be used in forthcoming work
on constant time ECC code.
From Billy Brumley and his team. Thanks!
ok jsing
|
|
leftmost bits of a longer digest, according to FIPS 183-6, 6.4. Eliminate
a microoptimization that only converts the relevant part of the digest to
a bignum.
ok beck, jsing
|
|
ENTRY is a trapsled. Fix a few functions which fall-through into an ENTRY
macro. amd64 binaries now are free of double+-nop sequences (except for one
assember nit in aes-586.pl). Previous changes by guenther got us here.
ok mortimer kettenis
|
|
explicit about the servername argument of tls_connect_servername(3).
input & ok jsing, input & ok schwarze on earlier version
|
|
ok jsing, schwarze
|
|
a custom kernel for over 20 years.
testing mlarkin@
ok deraadt@ phessler@ jca@ matthieu@
|
|
|
|
|
|
|
|
|
|
From David Bern.
|
|
from OpenSSL, fixing many bugs and polishing many details
|
|
fixing an awkward wording noticed by tb@.
OK tb@
|
|
ok deraadt
|
|
|
|
|
|
|
|
OK kettenis@, guenther@
|
|
|
|
not replace any existing signal handlers. This makes it possible for
FUSE file systems to install their own signal handlers. Bug reported
by Bill Zissimopoulos.
ok mpi@
|
|
fuse_remove_signal_handlers(3).
ok mpi@
|
|
|
|
ok deraadt
|
|
ok deraadt
|
|
against (signed char) variable. Modern "genius" compilers simply
delete the code on unsigned char architectures, amazed they feel
lattitude to convert undefined local behaviour into much larger scope
undefined behaviour (glad to have faster but incorrect libcurses..)
ok millert
|
|
This lets other threads of the process modify the file descriptor
table even if the vn_open(9) call blocks.
The change has an effect on dup2(2) and dup3(2). If the new descriptor
is the same as the one reserved by an unfinished open(2), the system
call will fail with error EBUSY. The accept(2) system call already
behaves like this.
Issue pointed out by art@ via mpi@
Tested in a bulk build by ajacoutot@
OK mpi@
|
|
ok deraadt@
|
|
|
|
|
|
|
|
|
|
file system can access it unless the allow_other mount options is
specified. The allow_other mount option makes the file system
available to other users just like any other mounted file system.
ok mpi@
|
