Age | Commit message | Author |
|
ok tb@
|
|
If tcplro is activated on lo(4), ignore the MTU with TCP packets.
They are passed along with the information that they have to be
chopped in case they are forwarded later. New netstat(1) counter
shows that software LRO is in effect. The feature is currently
turned off by default.
tested by jan@; OK claudio@ jan@
|
|
This adds a few logic curlies to end up setting the EVP_MD to EVP_md_null()
as required by the API. This way ASN1_item_sign() now knows how to behave.
"ok = (rv == 2);" beck
|
|
After a few things in libcrypto were adjusted, this diff makes issuing
certificate requests with Ed25519 work.
ok beck
|
|
since fetch.c revision 1.211, ftp removes trailing whitespaces early so
there's no need to re-do that when parsing a header.
while here, remove an unused variable too.
ok tb, millert
|
|
Was overlooked in r1.209.
diff from 'a dog' (OpenBSD [at] anthropomorphic [dot] dog)
ok tb, sthen
|
|
specify also that it can be set globally with set-default-mode, as done
in the description of the other built-in modes.
Diff from Simon Branch (that I got via jmc@), thanks!
|
|
back to old size since the contents will be overwritten. GitHub issue
3510.
|
|
The underlining was positioned in the wrong place. This fixes
the problem and matches historic ex behavior. OK op@
|
|
Previously this directive would accept certificate algorithm names, but
these were unusable in practice as OpenSSH does not support CA chains.
part of bz3577; ok dtucker@
|
|
are valid for CA signing. Previous behaviour was to list all signing
algorithms, including certificate algorithms (OpenSSH certificates do
not support CA chains). part of bz3577; ok dtucker@
|
|
bz3581
|
|
by explicitly decoding PORT_STREAMLOCAL (a negative number) from the u32
that's passed over the multiplexing socket; previously code would just
cast, which is UB.
|
|
not showing on when running `ssh-keygen -l` on multiple keys where one
has a comment and other following keys do not. Patch from Markus Kuhn
via GHPR407, bz3580
|
|
We need to compare the printable version of the last value displayed,
not the floating point representation. Otherwise, we may print the
last value twice. OK deraadt@
|
|
ok tb@
|
|
ok tb@
|
|
No binary change on amd64
|
|
This is very dead code: the openssl app was never compiled with -DZLIB
after January 1, 2015.
|
|
Mukherjee.
|
|
outdated list of error messages. Instead, refer to the master copy
of that list in X509_STORE_CTX_get_error(3).
Suggested by and OK tb@, and beck@ also agrees with the idea.
|
|
also fix a discrepancy wrt the "original" pkg-config
thanks to tb@ for testing.
|
|
Similar to X509_get0_notBefore(3) rev. 1.6.
Requested by and OK tb@.
|
|
Fixes sign compare warnings on systems with 32-bit time_t due to type
promotion. OK djm@
|
|
from Lucas (lucas [at] sexy [dot] is).
ok millert@
|
|
is basically silent.
Record errors due to missing permissions and other oddities, and display them
when we error out due to lack of targets, as a quality-of-life diagnostic.
Based on a remark from sthen@, with some feedback and tweaks from op@
okay op@, kn@
|
|
previously in configuration. Reported by John Meyers in bz3574
ok dtucker@
|
|
With tweaks from patrick@ and bluhm@.
OK bluhm@
|
|
ok bluhm@
|
|
OK tobhe@
|
|
Makes mandoc -Tlint happier
|
|
All hashes and ciphers covered by speed should be able to handle unaligned
input and output. The buffers used in openssl speed are well aligned since
they are large, so will never exercise the more problematic unaligned case.
I wished something like this was available on various occasions. It would
have been useful to point more easily at OpenSSL's broken T4 assembly.
Yesterday there were two independent reasons for wanting it, so I sat down
and did it. It's trivial: make the allocations a bit larger and use buffers
starting at an offset inside these allocations. Despite the triviality, I
managed to have a stupid bug. Thanks miod.
discussed with jsing
ok miod
|
|
This drops a bunch of unnecessary parentheses, makes the strcmp()
checks consistent and moves some "}\n\telse" to "} else".
Makes an upcoming commit smaller
|
|
This wasn't properly hidden under OPENSSL_NO_EC2M, and all it does now
is produce ugly errors and useless "statistics". While looking at this,
I found that much of speed "has been pilfered from [Eric A. Young's]
libdes speed.c program". Apparently this was a precursor and ingredient
of SSLeay. Unfortunately, it seems that this piece of the history is lost.
ok miod
PS: If anyone is bored, a rewrite from scratch of the speed 'app' would
be a welcome contribution and may be an instructive rainy day project.
The current code was written in about the most stupid way possible so as
to maximize fragility and unmaintainability.
|
|
as seen this morning, Mon-Third* does not always work. Mon-2 works for now...
calendar.uk: victoria day is obscure enough in scotland that i don't think it
warrants worth an entry
|
|
ok phessler@ jmc@
|
|
meant as a fallback if network hardware does not support TSO. Driver
support is still work in progress. TCP output generates large
packets. In IP output the packet is chopped to TCP maximum segment
size. This reduces the CPU cycles used by pf. The regular output
could be assisted by hardware later, but pf route-to and IPsec need
the software fallback in general.
For performance comparison or to work around possible bugs, sysctl
net.inet.tcp.tso=0 disables the feature. netstat -s -p tcp shows
TSO counter with chopped and generated packets.
based on work from jan@
tested by jmc@ jan@ Hrvoje Popovski
OK jan@ claudio@
|
|
github PR#396.
|
|
A signed integer overflow could occur after INT_MAX bad password
attempts. Check for unlimited tries first and then increment the
counter. Also consider INT_MAX to be a valid upper limit.
ok millert@
|
|
Close pipe file descriptors if fork fails.
Also do not parse exit status of child if waitpid fails.
with input by and ok millert@
|
|
On aarch64 with llvm 15, the new -Wunaligned-access emits noise on every
one of tmux's source files. This avoids this warning by moving a u_char
to the end of the struct. This does not change the size of the struct on
any architecture.
ok nicm
|