wireguard-openbsd - WireGuard implementation for the OpenBSD kernel

	Commit message (Collapse)	Author	Files	Lines
2017-01-26	Select the routing domain to be used for kill states by host or by	benno	2	-15/+32
	label, by adding a -V <rdomain> option. written by Bertrand Provost, provost DOT bertrand AT gmail DOT com, thanks. ok florian@, with feedback from florian and jmc.
2017-01-26	english is hard.	beck	1	-2/+2

2017-01-26	Limit the number of sequential empty records that we will process	beck	4	-7/+30
	before yielding, and fail if we exceed a maximum. loosely based on what boring and openssl are doing ok jsing@
2017-01-26	Refactor the code to generate a WANT_READ into a function, as we are	beck	1	-18/+20
	using it more and more to avoid spins. ok jsing@
2017-01-26	Remove most of SSL3_ENC_METHOD - we can just inline the function calls	jsing	11	-135/+63
	and defines since they are the same everywhere. ok beck@
2017-01-26	Move relatively new version range code from ssl_lib.c into a separate	jsing	3	-158/+175
	ssl_versions.c file. ok beck@
2017-01-26	Rename s3_{both,clnt,pkt_srvr}.c to have an ssl_ prefix since they are no	jsing	5	-6/+6
	longer SSLv3 code. ok beck@
2017-01-26	Merge the client/server version negotiation into the existing (currently	jsing	16	-1229/+395
	fixed version) client/server code. ok beck@
2017-01-26	deactivate the existing pledge regress tests, they need	benno	1	-3/+4
	some changes to work again. activate new ioctl subdirectory.
2017-01-26	add check for pledge(pf), and pledge(pf) + fd passing	benno	5	-0/+412

2017-01-26	enable compiler warnings and fix them.	benno	2	-6/+8

2017-01-26	Remove unused _REL variable	rpe	1	-2/+2
	OK aja@
2017-01-26	Document ERR_load_BN_strings(3).	schwarze	1	-11/+47
	jsing@ confirmed that this function is public and worth documenting. This page needs much more work, it is outrageously incomplete and unclear. For example, it remains unexplained what error strings are, what "registering" means and what the benefit for the application is, what happens if it is not done, or what happens if an error occurs after calling ERR_free_strings(3). I tried to read the code, but it is so contorted that i postponed that work. For example, it looks like there are hooks for applications to replace the functions used for registering strings by other, application-supplied functions, and, of course, there are many levels of macro and function wrappers. For now, i only documented the most obvious BUGS.
2017-01-26	Move setting _OSrev to immediately after verifying _KERNV and exit	rpe	1	-3/+4
	early if _OSrev is empty. OK aja@
2017-01-26	No need to escape '.' in shell patterns - it has no special meaning.	rpe	1	-2/+2
	OK aja@
2017-01-26	Spacing and use arithmetic test	rpe	1	-3/+3
	OK aja@
2017-01-26	Each entry in REGRESS_TARGETS is run in a separate make process, so the	jmatthew	1	-8/+9
	.END target will kill ldapd after each one. To compensate, make each test target depend on bootstrap to ensure ldapd is running. In .END, remove the pid file after killing ldapd so reduce noise.
2017-01-26	Allocate the mbuf before the netlock. While here, move the setting of	dhill	1	-21/+8
	nflag closer to where its value is used. ok mpi@
2017-01-26	The only difference between armv7 and arm64 fdt virtio attachments is an	jsg	5	-465/+6
	uneeded include. Remove the include and move to MI fdt directory.
2017-01-26	add fdt config line to synopsis	jsg	1	-2/+3

2017-01-26	Use numeric exit codes consistently rather than a mix	beck	1	-11/+11
	ok jsing@
2017-01-26	style	beck	1	-1/+1

2017-01-26	Fix the structure initialzation to compile. bad inioguchi and millert :)	beck	1	-1/+1
	ok jsing@ rpe@
2017-01-26	Remove ssl3_undef_enc_method - if we have internal bugs we want to segfault	jsing	5	-36/+8
	so that we can debug it, rather than adding a "should not be called" error to the stack. Discussed with beck@
2017-01-26	Remove a sess_cert reference from a comment in the public header.	jsing	1	-5/+2
	Noted by zhuk@
2017-01-26	Do not hold the netlock while pool_get() may sleep. It is not	bluhm	1	-2/+2
	necessary to lock code that initializes a new socket structure before it has been linked to any global list. OK mpi@
2017-01-25	split the tls_init(3) that had grown fat to allow healthy future growth;	schwarze	15	-888/+1474
	suggested by jsing@; "i would just chuck it in" jmc@
2017-01-25	Clear option before adding to array if no -a, reported by Michael	nicm	1	-3/+5
	Nickerson.
2017-01-25	Do not try to execute this test on !m88k archs.	mpi	1	-1/+3
	Logic taken from the sparc64 regress, to avoid false negative on bluhm@'s regression test infrastructure.
2017-01-25	Introduce a hack to remove false-positives when looking for memory	mpi	3	-3/+24
	allocation that can sleep while holding the NET_LOCK(). To be removed once we're confident the remaining code paths are safe. Discussed with deraadt@
2017-01-25	Add infrastructure to build LLVM for mips64.	patrick	8	-2/+246
	"check with visa@" kettenis@ "go ahead" visa@
2017-01-25	Since raw_input() and route_input() are gone from pr_input, we can	bluhm	29	-167/+83
	make the variable parameters of the protocol input functions fixed. Also add the proto to make it similar to IPv6. OK mpi@ guenther@ millert@
2017-01-25	Fix array initialization syntax for ocspcheck.c	inoguchi	1	-1/+1
	Conformance to C99, and avoiding build break on VisualStudio and HP-UX. OK millert@
2017-01-25	As NET_LOCK() is a read/write lock, it can sleep in sotask(). So	bluhm	1	-3/+2
	the TASKQ_CANTSLEEP flag is no longer valid for the splicing thread. OK mikeb@
2017-01-25	document BN_asc2bn(3);	schwarze	1	-3/+27
	jsing@ confirmed that it is a public function worth documenting
2017-01-25	Fix build on mips64.	visa	1	-2/+2

2017-01-25	Add xterm+edit to tmux so that we get the old Home and End sequences	nicm	1	-5/+6
	(only the modified ones are needed from xterm+pcfkeys).
2017-01-25	Revert previous for now, it will break TERM=screen.	nicm	3	-42/+21

2017-01-25	If xterm-keys is on, use xterm(1) style keys for Home and End as well as	nicm	4	-24/+45
	modified keys.
2017-01-25	off-by-one, leading to segfaults. Trivial fix.	espie	1	-2/+2
	reported by jasper@
2017-01-25	if the fs got badly damaged, display a decent error message instead of	espie	1	-1/+8
	erroring out when we can't read a plist.
2017-01-25	In some cases, pkg_info -e spec would display the spec instead of the	espie	1	-2/+2
	actual pkg name as intended. (forgot who reported that one, sorry)
2017-01-25	some run environnement do not properly reset signals (e.g., python) and	espie	1	-1/+2
	as a result pkg_add + signify fails with weird error messages, as it relies on default SIGPIPE behavior. Finally fix the problem, sanitize our running environment before forking. Problem reported by various people.
2017-01-25	remove __BEGIN_DECLS and __END_DECLS from http.h	inoguchi	2	-10/+2
	sync with ocspcheck and acme-client ok benno@
2017-01-25	bring changes from acme-client over here.	benno	1	-56/+54
	ok beck@
2017-01-25	Build amd64 kernels with -ffreestanding. Synchronize the arm64 and armv7	kettenis	3	-17/+11
	kernel makefiles, that are using -ffreestanding already, with the amd64 one. Other architectures will follow later. ok jca@, visa@
2017-01-25	Update ssl versions regress to handle min/max configured versions and	jsing	1	-47/+201
	the cover the ssl_supported_version_range() function.
2017-01-25	Limit enabled version range by the versions configured on the SSL_CTX/SSL,	jsing	3	-23/+84
	provide an ssl_supported_versions_range() function which also limits the versions to those supported by the current method. ok beck@
2017-01-25	__errno() returns a 32-bit pointer, so make sure we write a 32-bit	patrick	1	-2/+2
	value to and not overwrite other bits by writing a 64-bit value.
2017-01-25	Add start of a regress for cert gen and validation. not clean, won't	beck	5	-0/+394
	hook it up yet