path: root/regress
Date | Commit message | Author | Files | Lines
2021-04-04 | Replace wg_tag with wg_packet | Matt Dunwoodie | 1 | -291/+292
I'll be the first to admit (but not the first to complain) about the wg_tag situation. It made it very difficult to manage mbufs (that may be reallocated with functions such as m_pullup). It was also not clear where allocation was occurring. This also gets rid of the ring buffers in wg_softc, which added no performance in this situation. They also used memory unnecessarily and increased the complexity. I also used this opportunity to get rid of the confusing t_mbuf/t_done situation and revert to a more understandable UNCRYPTED/CRYPTED/DEAD packet state. I don't believe there were any issues with the old style, but to improve readability is always a welcome addition. With these changes we can start encrypting packets in place (rather than copying to a new mbuf), which should increase performance. This also simplifies length calculations by using m_* functions and reading the pkthdr length.
2021-04-04 | Count all handshake packets | Matt Dunwoodie | 1 | -2/+1
2021-04-04 | Satisfy my ordering of struct elements and prototypes | Matt Dunwoodie | 1 | -3/+3
2021-04-04 | Expand on key clearing message | Matt Dunwoodie | 1 | -1/+3
2021-04-04 | Error out if peer provider without public key | Matt Dunwoodie | 1 | -2/+4
2021-04-04 | Ensure a peer has a consistent PSK (if set when creating) | Matt Dunwoodie | 3 | -12/+13
2021-04-04 | Add noise_local_deinit to zero private keys | Matt Dunwoodie | 3 | -0/+10
2021-04-03 | Add a guard page between I/O virtual address space allocations. The idea | patrick | 1 | -3/+4
is that IOVA allocations always have a gap in-between which produces a fault on access. If a transfer to a given allocation runs further than expected we should be able to see it. We pre-allocate IOVA on bus DMA map creation, and as long as we don't allocate a PTE descriptor, this comes with no cost. We have plenty of address space anyway, so adding a page-sized gap does not hurt at all and can only have positive effects. Idea from kettenis@
2021-04-03 | Exclude the first page from I/O virtual address space, which is the NULL | patrick | 1 | -3/+4
pointer address. Not allowing this one to be allocated might help find driver bugs, where the device is programmed with a NULL pointer. We have plenty of address space anyway, so excluding this single page does not hurt at all and can only have positive effects. Idea from kettenis@
2021-04-03 | Run the CMAC tests through EVP_PKEY_new_CMAC_key(). | tb | 1 | -10/+22
2021-04-03 | typos in comments; GHPR#180 from Ville Skyttä | djm | 3 | -6/+6
2021-04-03 | sync CASignatureAlgorithms lists with reality. GHPR#174 from | djm | 2 | -8/+10
Matt Hazinski
2021-04-03 | highly polished whitespace, mostly fixing spaces-for-tab and bad | djm | 40 | -153/+156
indentation on continuation lines. Prompted by GHPR#185
2021-04-03 | whitespace (tab after space) | djm | 4 | -9/+9
2021-04-03 | fix incorrect plural; from Ville Skyttä via GHPR#181 | djm | 1 | -3/+3
2021-04-03 | ensure that pkcs11_del_provider() is called before exit - some PKCS#11 | djm | 1 | -1/+5
providers get upset if C_Initialize is not matched with C_Finalize. From Adithya Baglody via GHPR#234; ok markus
2021-04-03 | unused variable | djm | 1 | -2/+2
2021-04-03 | Fix two problems in string->argv conversion: 1) multiple backslashes | djm | 1 | -7/+4
were not being dequoted correctly and 2) quoted space in the middle of a string was being incorrectly split. A unit test for these cases has already been committed prompted by and based on GHPR#223 by Eero Häkkinen; ok markus@
2021-04-02 | Remove superfluous mmcpy() | dv | 1 | -2/+1
Reported by Preben Guldberg. ok mlarkin@
2021-04-02 | In http_connect() if the connect was actually successful break out of the | claudio | 1 | -6/+17
for loop. Also in http_finish_connect() if the connect was successful cleanup the addrinfo struct. It is no longer needed. Found with deraadt@
2021-04-02 | info gotten via getnameinfo in http_connect() is not used anymore, it is | deraadt | 1 | -7/+1
old debugging gunk ok claudio
2021-04-02 | Two cases of BRE involving counts and backrefs that go wrong and | otto | 1 | -1/+16
similar that have no issues. Reported by Michael Paoli. Failing cases commented out for now.
2021-04-02 | Include the default cert.pem file path in tls_load_file error message. | claudio | 1 | -2/+2
Should help for -portable where sometimes the cert.pem is missing.
2021-04-02 | Show DTLS1.2 message with openssl(1) s_server and s_client | inoguchi | 1 | -2/+6
ok jsing@ tb@
2021-04-02 | Don't leak the uri of a delta with duplicate serial. | tb | 1 | -1/+3
ok claudio deraadt
2021-04-02 | swap rname and mname in debug output, and handle the USE_CD flag | eric | 1 | -3/+4
from Boudewijn Dijkstra
2021-04-02 | configyyrename.h is no longer needed with the switch to flex -P c_. | florian | 1 | -124/+0
This was also removed upstream. OK sthen
2021-04-02 | Implement ZONEMD (RFC8976), based on DS (ds_43.c) | florian | 3 | -2/+124
OK sthen
2021-04-02 | if cipher list is not specified for a relay action, use the global | eric | 1 | -3/+6
cipher list if defined. otherwise fallback to libtls default. ok millert@
2021-04-02 | fix sentence structure; | jmc | 1 | -3/+3
2021-04-02 | tweak previous; | jmc | 1 | -3/+4
2021-04-02 | fix typo + some whitespace | tb | 1 | -5/+5
2021-04-02 | Fix Dale's email address | tb | 4 | -8/+8
ok drahn
2021-04-02 | sync | deraadt | 6 | -21/+21
2021-04-02 | don't put ptys onto the ramdisk media | deraadt | 6 | -14/+7
from miod
2021-04-02 | Indent struct members like everywhere else. | tb | 1 | -6/+6
2021-04-02 | Document ioctl(2)'s for vmm(4). OK kn@. | dv | 1 | -2/+43
2021-04-01 | Update manpage about RRDP | job | 1 | -4/+10
OK claudio@
2021-04-01 | update currency exchange rates; | jmc | 1 | -39/+39
2021-04-01 | sort options list; | jmc | 1 | -6/+6
2021-04-01 | spelling | deraadt | 1 | -2/+2
2021-04-01 | Sort usage: rR -> Rr | tb | 1 | -2/+2
2021-04-01 | RRDP is currently off by default. | claudio | 1 | -1/+2
2021-04-01 | Tweak log_debug() verbiage to reduce repetitive info | krw | 1 | -21/+44
(ACK/NAK), add details (DISCOVER/REQUEST) and provide before/after info for SSID/LLADDR/MTU changes.
2021-04-01 | Initial commit of RRDP (The RPKI Repository Delta Protocol - RFC8182) support | claudio | 10 | -450/+3252
in rpki-client. For now it is off by default. All XML processing is done in its own process with minimal pledge rights. It uses the already present https process to fetch the xml files and uses the master process to handle the file IO into the repositories. RRDP data is stored in the cache under ./rrdp/ and the first directory is the SHA256 hash of the notify URI. Fetching snapshots and deltas works to bring the cache up to date. If something goes wrong rpki-client will fall back to rsync. RRDP was implemented by Nils Fisher and integrated into rpki-client by myself. "Time to get it in" deraadt@
2021-04-01 | For the snprintf range check demo, add a (size_t) cast in the right place | deraadt | 1 | -3/+3
which will satisfy the toughest compiler options
2021-04-01 | Also immediately accept the *first* OFFER if it matches the requested address, | krw | 1 | -2/+5
rather than waiting for select_timeout to expire before accepting the same OFFER.
2021-04-01 | Clean up nonexistent/unused properties handling | kn | 1 | -12/+1
Never used since import and probably just ported over from NetBSD as-is; "design-capacity" does not exist in the device tree binding. "monitor-interval-ms" defaults to 250ms as per binding and could be used in the sensor_task_register() call, but our framework only supports whole seconds and there's no advantage over our current fixed poll interval of 5s. OK patrick
2021-04-01 | Remove extraneous call of vm_getbyvmid during pause event | dv | 1 | -2/+1
The vm is already being assigned by a call in the if-condition.
2021-04-01 | Abate superfluous lines from remote servers | job | 1 | -1/+2
OK claudio@