- drop ref to non-installed g++(1) page
- drop ref to clang that isn;t particularly helpful and only relevant
to some platforms, as suggested by kettenis
Streamline X509_REQ_check_private_key() a bit
Use better variable names, split the success from the error path and
return directly rather than using an ok variable.
ok jsing
Clean up X509_to_X509_REQ()
Use better variable names. X509_REQ_new() sets the version to the only
specified version, so there is no point to set it. Extract the subject
name, then assign to make it more obvious that we error happens if the
cert has a missing subject. Switch to X509_get0_pubkey() to avoid some
strange dance with a strangely named variable to adjust the refcount.
ok jsing
Further simplify X509_REQ_get_extensions()
Instead of inlining a poor version of ASN1_TYPE_unpack_sequence() with
missing error checks, just call the real thing. It's safer and simpler.
ok jsing
Back then I faced intermittent file-system corruptions for which setting
FUA (Force Unit Access) did help. In the meantime it turned out that
those file-system corruptions were most likely caused by the slot issues.
Now that we fixed the slot management and limited to one slot for now,
remove FUA again, which increases the write performance significantly.
Don't do math on KVA to get the required slot offset since that could
cause invalid pointers depending on the compiler interpretation of
(void *). Instead work with the structure pointer itself.
Proposed by dlg@
Don't schedule interrupt aggregation when commands are still in-progress.
As of the documentation:
"NOTE Write operations to IACTH and IATOVAL are only allowed when no
commands are outstanding."
Instead we only schedule interrupt aggregation at the start of the
SCSI command call, when all commands have completed.
Don't relay on the doorbell register to track our slots. As of the
documentation:
"UTRLDBR is a volatile register; software should only use its value to
determine commands that have completed, not to determine which commands
have previously been issued."
Instead we use the CCB structure to track our slots, as proposed by dlg@.
CAVEAT: Since using more than one slot is currently causing OCS errors,
we limit the slots to one until we can find a solution.
Remove leftover logic of SSL2 support
SSL2_CF_8_BYTE_ENC was set by things such as RC4_64_WITH_MD5, which fell
victim to tedu's axe a decade ago. Zap that.
ok jsing
Plug a "leak" in ssl_security_group()
The way the CBB API is used, CBB_add_u16() and CBB_finish() can't actually
fail here, but if they could, cbb->base would leak. Rewrite this code with
the proper idioms to make it look right.
ok jsing
Align RSA and EC key generation with each other
Being two different cryptographic primitives, it is clear that there must
be some differences between RSA and EC keygen, but they don't have to be
entirely different. We need to set the key type, RSA needs a bit size and
ECDSA needs a curve. That's all the differences there need to be.
Garbage collect a few useless elses and avoid two exit labels paths where
one would do just fine.
As another small bonus, this file no longer uses "deprecated API", so the
portable fork can get rid of an ugly openssl 3 patch if they want to.
ok florian
- for pwraction, point to acpibtn(4)
- for lidaction, document the value 0
- for lidaction, adjust the description to a format similar
to that of pwraction
ok kettenis deraadt