| Commit message (Collapse) | Author | Files | Lines |
|
|
|
that of the SecurityKeyProvider ssh/sshd_config(5) directive, as the
latter was more descriptive.
|
|
ssh_config(5) and sshd_config(5) algorithm keywords as an alias for the
corresponding query. Man page help jmc@, ok djm@.
|
|
intended number of prompts (3) and 2) it would SEGV if too many incorrect
PINs were entered; based on patch by Gabriel Kihlman
|
|
The -H flag was deprecated in 1998. OK jung@
|
|
install manual pages
crank major
feedback & ok jmc@ and naddy@
|
|
from the default set (i.e. HostkeyAlgorithms=+/-...), retain the
default behaviour of preferring those algorithms that have existing
keys in known_hosts; ok markus
|
|
algorithm lists; ok markus@
|
|
ok markus@
|
|
This replaces "security key" in error/usage/verbose messages and
distinguishes between "authenticator" and "authenticator-hosted key".
ok djm@
|
|
the relationships between various scsi structs.
|
|
in the man(1) manual page. This bugfix is needed to prevent
the command "man -lw" from dereferencing a NULL pointer.
|
|
sc_link.adapter at trm_switch directly.
|
|
ok tb@
|
|
the real names.
|
|
While we do not currently do session resumption, just return the
TLS_client_method() or TLS_server_method() when asked for a method that
does TLSv1.3.
ok tb@ (who also arrived at the same diff)
|
|
In the case of a hello retry request, we need to replace the client hello
with a synthetic handshake message, switch key share to that selected by
the server, build and send a new client hello, then process the resulting
server hello.
ok tb@
|
|
In a hello retry request the server will only send the selected group and
not actually provide a key exchange. In this case we need to store the
server selected group for further processing.
ok tb@
|
|
without atomics, a smaller list.
ok mpi@ visa@
|
|
check dev_minphys for NULL before calling it.
|
|
Use flags to signal the need to switch to the legacy client and to identify
a hello retry request. This allows the caller to take appropriate action,
rather than trying to do this in the parsing/processing code.
Split the key derivation and record protection engagement code into a
separate function, both for readability and reuse.
Change handshake states outside of the processing code.
ok tb@
|
|
fdrelease(). This makes the upper layer of file descriptor closing
free of KERNEL_LOCK() when the process does not use kqueue.
The kernel locking around fdremove() and knote_fdclose() is no longer
needed because kqueue_register() checks if there has been a race with
file descriptor close. Moreover, the locking became ineffective against
these races when filterops callbacks were allowed to sleep.
OK anton@, mpi@
|
|
This got added to the wrong functions (server side, not client) - swap the
now unimplemented send/recv functions between client and server.
ok tb@
|
|
mangling.
ok tb@
|
|
This is soon going to be used in the TLSv1.3 client code.
ok tb@
|
|
'minphys()'. Just use & check for NULL instead, since 'minphys()' is
always called on the code path ([cd|sd|st]minphys) that calls
physio().
|
|
as umsm(4). But the discrimination in the driver match functions is
obviously weak in some way, so skip this for now. We need to figure out
how to identify the retrogrades better.
|
|
This may fix rare stuttering caused by underruns in case device clock
drifts with respect to the bus clock.
|
|
direction suggested by Laurence Tratt <laurie at tratt dot net>,
part of the wording from deraadt@.
While here, add the missing STANDARDS section, correct HISTORY,
drop redundant verbiage from RETURN VALUES, and garbage collect .Tn.
OK sthen@ jmc@ millert@ and Laurence Tratt,
and deraadt@ likes one line of the patch in particular.
|
|
ok semarie, deraadt
|
|
As more and more teardown functions include barriers, or any kind of
context change, it is unsafe to continue to assume that such code paths
are atomic. So a good practise is to only free descriptor when we're
sure that no other context can access them.
Found while looking at visa@'s ttkqflush() replacement diff. The same
pattern is present in many USB drivers as found with Peter Stuge.
ok visa@
|
|
from James Hastings
|
|
-N ndots: 0, INT_MAX
The upper limit is a bit silly, everything bigger than a small number
will force domain names to be interpreted as relative.
-R retries INT_MIN, INT_MAX - 1
Specifically documented to accept negative numbers.
-W wait 0, INT_MAX
One could interpret the documentation as meaning that it accepts
negative numbers but that fails later on with an error message from
the timer code.
with deraadt, OK kn, input & OK tedu
|
|
their own CBS as a preparation for upcoming HRR diffs.
ok jsing
|