| Age | Commit message (Collapse) | Author |
|---|
|
by me and others indicate that it is the optimum.
|
|
making the number of pools variable. Do not document the malloc
conf settings atm, don't know yet if they will stay. Thanks to all
the testers. ok deraadt@
|
|
declared static.
OK guenther@
|
|
|
|
OK claudio@
|
|
* Use .Vt for struct names and other type names like in_port_t.
* Use .Dv for #define'd constants like CPUSTATES and KERN_SYSVIPC_INFO.
* Use .Va for sysctl variable names like "machdep".
Not touching some of the .Li use related to networking; that stuff
looks suspicious in more than one way and a diff would need review.
|
|
ok kn
|
|
understand with the three-operand instructions.
No binary change with gas.
|
|
|
|
tsleep(9)'s maximum timeout shrinks as HZ grows, so this ensures we do
not return early from longer timeouts on alpha or on custom kernels.
POSIX says you cannot return early unless a signal is delivered, so
this makes us more compliant with the standard.
While here, remove the 100 million second upper bound. It is an
artifact from itimerfix() and it serves no discernible purpose.
ok tedu@ visa@
|
|
from Lauri Tirkkonen
|
|
|
|
Omission reported by reyk and Alice Wonder.
ok bcook jsing
|
|
or aarch64. Needed to build userland with clang.
OK visa@ kettenis@
|
|
about functions that are deprecated, identical to other functions, and
never made sense in the first place.
As deraadt@ points out, we should not hide the information that
matters in a heap of clutter. It would waste reader's time and
make confusion and accidental misuse more likely.
OK deraadt@ jmc@
|
|
EVP_MD_CTX_free() instead if the goal is to avoid leaking memory.
From my corresponding upstream commit, reminded by schwarze
|
|
from Matt Caswell <matt at openssl dot org>
via OpenSSL commit d45a97f4 Mar 5 17:41:49 2018 +0000.
|
|
is no need to know at which time BN_pseudo_rand(3) was made the
same as BN_rand(3). Considering that question might even mislead
people to attempt ill-advised #ifdef'ing.
Pointed out by deraadt@.
|
|
Also clarify to which algorithms it applies.
From Matt Caswell <matt at openssl dot org>
via OpenSSL commit d45a97f4 Mar 5 17:41:49 2018 +0000.
Document
EVP_PKEY_CTX_get_rsa_padding(3), EVP_PKEY_CTX_get_rsa_pss_saltlen(3),
EVP_PKEY_CTX_set_rsa_mgf1_md(3), and EVP_PKEY_CTX_get_rsa_mgf1_md(3).
From Antoine Salon <asalon at vmware dot com>
via OpenSSL commit 87103969 Oct 1 14:11:57 2018 -0700
from the OpenSSL_1_1_1-stable branch, which is still under a free license.
|
|
Inspired by OpenSSL commit 6da34cfb Jun 2 16:17:32 2018 -0400
by Ken Goldman <kgoldman at us dot ibm dot com>,
but use the same wording as in ASN1_item_new(3) instead.
|
|
from <Matthias dot St dot Pierre at ncp dash e dot com>
via OpenSSL commit 5777254b May 27 09:07:07 2018 +0200.
|
|
via OpenSSL commit 521738e9 Oct 5 14:58:30 2018 -0400
|
|
Say so, and note that OpenSSL followed suit in 1.1.0 according
to OpenSSL commit 5ecff87d Jun 21 13:55:02 2017 +0100.
|
|
argument of 3; from Beat Bolli <dev at drbeat dot li>
via OpenSSL commit bd93f1ac Jul 28 16:45:22 2018 -0400.
|
|
ok kettenis@
|
|
Inspired by OpenSSL commit a130950d Aug 23 12:06:41 2017 -0400
by Rich Salz <rsalz at openssl dot org>, but using a more explicit
wording, and fixing *both* places rather than only half of them.
|
|
inspired by OpenSSL commit 1f13ad31 Dec 25 17:50:39 2017 +0800
by Paul Yang <yang sot yang at baishancloud dot com>,
but without creating a RETURN VALUES section because that makes
no sense here: it would either result in a confusing order of
information or in duplicate information.
|
|
from Jakub Wilk <jwilk at jwilk dot net> via
OpenSSL commit a21285b3 Aug 21 18:30:34 2018 +0200
|
|
|
|
be reset before each call to __srefill(). Passes new regress.
OK semarie@
|
|
drops CA certificates whose validity dates don't comply with the rules on
ASN.1 encoding in RFC 5280 (and predecessors - same rule goes back to at
least RFC 2459, section 4.1.2.5).
LibreSSL strictly enforces this, so attempting to validate certificates
signed by these CAs just result in the following:
error 13 at 1 depth lookup:format error in certificate's notBefore field
"probably" beck@
|
|
Skip outputting them if invalid (e.g. GENERALIZEDTIME date before 2050).
|
|
databases/tdb from ports.
|
|
passed to fread(3) directly in the FILE * and call __srefill() in
a loop without the memcpy(). This preserves the expected behavior
in all cases. OK semarie@, "This is neat" tedu@
|
|
EOF or error. This caused a regression in the cPickle python extension.
|
|
that should have been deleted before commit.
The cross reference is already present below SEE ALSO.
Glitch noticed by jsing@.
|
|
text tweaked and ok djm
|
|
ok djm
|
|
tested by many; ok florian@
|
|
OK claudio@ jca@
|
|
|
|
around broken GOST implementations. It looks like client certificates with
GOST have been completely broken since reimport of the GOST code, so no-one
is using LibreSSL this way. The client side was fixed only last week for
TLSv1.0 and TLSv1.1. This workaround is now in the way of much needed
simplifcation and cleanup, so it is time for it to go.
suggested by and ok jsing
|
|
patch from Hiltjo Posthuma <hiltjo at codemadness dot org>
|
|
invalid change cipher spec. Found due to dead assignment warnings
by the Clang static analyzer.
ok inoguchi (previous version), jsing
|
|
From Edgar Pettijohn.
|
|
This prototype was removed inadvertantly in r1.50.
OK jsing@
|
|
|
|
unveil calls should follow. ok various, including jmc
|
|
|
|
an internal detail of the library, so the string should live inside it,
not in the application code.
ok jsing
|
