| Commit message (Collapse) | Author | Files | Lines |
|---|
|
technology where known. ok deraadt
|
|
No functionnal change, reduce the difference with NetBSD.
ok jmatthew@
|
|
|
|
|
|
|
|
font, rather than with the monospace font appropriate for .Bd -literal.
This fixes a minibug reported by anton@.
Implemented by no longer relying on the typical browser default of
"pre { font-family: monospace }" but instead letting <pre> elements
inherit the font family from their parent, then adding an explicit CSS .Li
class only for those displays where the manual page author requested it
by using the -literal option on the .Bd macro.
|
|
GenericSerialBus operating regions witout checking whether they're really
available. This needs to work on RAMDISK kernels as well. Since we
don't want to pull in the i2c subsystem on those, provide a separate
and much simpler dummy implementation of the GenericSerialBus access code
when SMALL_KERNEL is defined.
ok tb@
|
|
ok tb@
|
|
outfd and sending back the failure report via http_fail(). This was
partially done in the failure case of http_resolv() and resulted in
double failure reports in that case.
With and OK tb@, previous version OK deraadt@
|
|
work. Hence, add support for NTB32 in the transmit path. We already have
support for NTB32 in the receive path. We detect the supported format on
boot and can then decide on transmit which format to use.
From ehrhardt@ with gerhard@
Tested by jan@
ok sthen@
|
|
From gerhard@
"broadly OK" sthen@
|
|
icmp_send() must update IP header length if IP optaions are appended.
Such packet also has to be dispatched with IP_RAWOUTPUT flags.
Bug reported and fix co-designed by Dominik Schreilechner _at_ siemens _dot_ com
OK bluhm@
|
|
This is a first step toward making rge work with multiple queues and interrupts.
Only one queue is currently used.
While here, update the RTL8125B microcode.
ok jmatthew@
|
|
and bootp renewals with vmd(8)'s built-in dhcp server. Previous behavior
ignored did not intercept these packets and instead transmitted them.
This should make vmd(8)'s dhcp behave more as a true dhcp server should and
allows it to work properly with the new dhcpleased(8) attempting a renewal.
OK mlarkin@
|
|
powerpc64 was lacking manual pages; instead of shipping yet another
identical MD manual, merge them under MI MANPATH as usual.
Input OK deraadt
|
|
|
|
Based on some text in OpenSSL 1.1.1's EVP_PKEY_new.pod.
|
|
Adjust the region managed by the extend accordingly but avoid the first
and last page. The last page collides with the MSI address used by the
PCIe controller and not using the first page helps finding bugs.
ok patrick@
|
|
ok tb@
|
|
When server side renegotiation is triggered, the TLSv1.2 state machine
sends a HelloRequest before going to ST_SW_FLUSH and ST_OK. In this case
we do not need the transcript and currently hit the sanity check in ST_OK
that ensures the transcript has been freed, breaking server initiated
renegotiation. We do however need the transcript in the DTLS case.
ok tb@
|
|
This moves the finish_md and peer_finish_md from the 'tmp' struct to the
handshake struct, renaming to finished and peer_finished in the process.
This also allows the remaining S3I(s) references to be removed from the
TLSv1.3 client and server.
ok inoguchi@ tb@
|
|
|
|
This adds checks (based on the TLSv1.3 implementation) to ensure that the
TLS/DTLS sequence numbers do not wrap, as required by the respective RFCs.
ok inoguchi@ tb@
|
|
sebastia ran into this when attempting to update security/hcxtools.
This will be tested via wycheproof.go once the symbol is public.
ok jsing, tested by sebastia
|
|
This way the AKI and SKI printed in the tests tools look the same as before.
Requested by job@, OK job@ tb@
|
|
|
|
|
|
ok gerhard@
|
|
This cleans up events on a pause or resume, but also fixes an issue
where the vm_pipe event channels are not properly reinitialized on a
received guest leading to broken serial console.
OK pd@, mlarkin@
|
|
OK tb@
|
|
Per Intel SDM (Vol 3D, App. A.10) bit 0 should be read as a 1 if enabled.
From Adam Steen. ok mlarkin@
|
|
Since aia, aki and ski are all represented by char *, this is an
error-prone interface - as found by job. The function doesn't do
much anyway.
ok claudio
|
|
on x509_get_extensions() failure.
Fix suggested by claudio
|
|
prefer a failure rather than some sort of weird truncation
ok claudio
|
|
|
|
|
|
suggested by jsg
|
|
(rpki-client is pretty good code, couple hours of audit and I can only find
a few minor things)
|
|
|
|
truncate, but if they do, we prefer to know)
ok job claudio
|
|
ptr++
ok claudio
|
|
Update comment.
|
|
must be updated by the driver in order to get packets to flow.
In case of WPA the link state was updated as a side-effect of a successful
WPA handshake. This commit fixes the WEP and plaintext cases.
Problem reported and fix tested by Riccardo Mottola.
|
|
cross flip CLOCK_REALTIME to CLOCK_MONOTONIC.
Suggested by cheloha@, millert@, otto@ at various
stages in the time_t -> timespec conversion.
|
|
timespec values. Translate from the epoch values in leases
to timespec values in one place.
Final step to allow CLOCK_REALTIME -> CLOCK_MONOTONIC time
accounting for the active lease.
|
|
OK tb@, feedback from claudio@
|
|
Currently, SSL_is_dtls exists in both libssl and apps.c,
and one in libssl is guarded by LIBRESSL_INTERNAL and not exposed yet.
This causes portable build broke with openssl(1) and optionstest.
To solve this temporarily, rename SSL_is_dtls by apps.h.
This temporary renaming will be removed when the SSL_is_dtls() is exposed.
ok jsing@
|
|
|
|
Some devices present multiple configurations and the one chosen by default
is not always usable - for example, some have an CDC ECM config that does
not work with our cdce(4) - allow overriding to a specific config in those
cases.
From gerhard@ with tweaks to comments by me, ok patrick@
|
|
|
sthen
mpi
nicm
espie
schwarze
kettenis
claudio
patrick
sashan
kevlo
dv
kn
tb
jsing
deraadt
yasuoka
stsp
krw
job
inoguchi