sync with OpenBSD -current

etc/skel/dot.version

@@ -1 +1 @@
-# SecBSD 1.5-b8d3ce7: Fri Apr 19 00:00:00 UTC 2024 (Yatagarasu)
+# SecBSD 1.5-55906ba: Sat Apr 20 00:00:00 UTC 2024 (Yatagarasu)

lib/libcrypto/cms/cms_sd.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: cms_sd.c,v 1.32 2024/04/07 06:34:42 tb Exp $ */
+/* $OpenBSD: cms_sd.c,v 1.33 2024/04/20 10:11:55 tb Exp $ */
 /*
  * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project.
@@ -1070,20 +1070,10 @@ cms_add_cipher_smcap(STACK_OF(X509_ALGOR) **sk, int nid, int arg)
 	return 1;
 }
 
-static int
-cms_add_digest_smcap(STACK_OF(X509_ALGOR) **sk, int nid, int arg)
-{
-	if (EVP_get_digestbynid(nid))
-		return CMS_add_simple_smimecap(sk, nid, arg);
-	return 1;
-}
-
 int
 CMS_add_standard_smimecap(STACK_OF(X509_ALGOR) **smcap)
 {
 	if (!cms_add_cipher_smcap(smcap, NID_aes_256_cbc, -1) ||
-	    !cms_add_digest_smcap(smcap, NID_id_GostR3411_94, -1) ||
-	    !cms_add_cipher_smcap(smcap, NID_id_Gost28147_89, -1) ||
 	    !cms_add_cipher_smcap(smcap, NID_aes_192_cbc, -1) ||
 	    !cms_add_cipher_smcap(smcap, NID_aes_128_cbc, -1) ||
 	    !cms_add_cipher_smcap(smcap, NID_des_ede3_cbc, -1) ||

lib/libcrypto/pkcs7/pk7_smime.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: pk7_smime.c,v 1.26 2023/02/16 08:38:17 tb Exp $ */
+/* $OpenBSD: pk7_smime.c,v 1.27 2024/04/20 10:11:55 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project.
  */
@@ -152,14 +152,6 @@ add_cipher_smcap(STACK_OF(X509_ALGOR) *sk, int nid, int arg)
 	return 1;
 }
 
-static int
-add_digest_smcap(STACK_OF(X509_ALGOR) *sk, int nid, int arg)
-{
-	if (EVP_get_digestbynid(nid))
-		return PKCS7_simple_smimecap(sk, nid, arg);
-	return 1;
-}
-
 PKCS7_SIGNER_INFO *
 PKCS7_sign_add_signer(PKCS7 *p7, X509 *signcert, EVP_PKEY *pkey,
     const EVP_MD *md, int flags)
@@ -192,10 +184,6 @@ PKCS7_sign_add_signer(PKCS7 *p7, X509 *signcert, EVP_PKEY *pkey,
 				goto err;
 			}
 			if (!add_cipher_smcap(smcap, NID_aes_256_cbc, -1) ||
-			    !add_digest_smcap(smcap, NID_id_GostR3411_94, -1) ||
-			    !add_digest_smcap(smcap, NID_id_tc26_gost3411_2012_256, -1) ||
-			    !add_digest_smcap(smcap, NID_id_tc26_gost3411_2012_512, -1) ||
-			    !add_cipher_smcap(smcap, NID_id_Gost28147_89, -1) ||
 			    !add_cipher_smcap(smcap, NID_aes_192_cbc, -1) ||
 			    !add_cipher_smcap(smcap, NID_aes_128_cbc, -1) ||
 			    !add_cipher_smcap(smcap, NID_des_ede3_cbc, -1) ||

regress/sys/net/mpath/Makefile

@@ -1,4 +1,4 @@
-#	$OpenBSD: Makefile,v 1.1 2024/02/20 20:04:51 bluhm Exp $
+#	$OpenBSD: Makefile,v 1.2 2024/04/19 22:20:36 bluhm Exp $
 
 # Copyright (c) 2024 Alexander Bluhm <bluhm@openbsd.org>
 #
@@ -35,6 +35,7 @@
 # Adjust it here, if you want to use something else.
 N1 =		11
 NUMS =		${N1}
+IPS !=		jot 100 100
 
 # Traffic distribution has not been implemented for IPv6.
 REGRESS_EXPECTED_FAILURES +=	run-netstat6
@@ -68,13 +69,13 @@ ifconfig: unconfig
 	${SUDO} /sbin/ifconfig lo$n rdomain $n
 	${SUDO} /sbin/ifconfig lo$n inet 10.0.0.1/8
 	${SUDO} /sbin/ifconfig lo$n inet 10.0.0.$n alias
-.for i in 0 1 2 3 4 5 6 7 8 9
+.for i in ${IPS}
 	${SUDO} /sbin/ifconfig lo$n inet 10.0.$n.$i alias
 	${SUDO} /sbin/route -n -T $n add -inet -blackhole -mpath -host \
 	    10.$n.0.0 10.0.$n.$i
 .endfor
 	${SUDO} /sbin/ifconfig lo$n inet6 fc00::$n alias
-.for i in 0 1 2 3 4 5 6 7 8 9
+.for i in ${IPS}
 	${SUDO} /sbin/ifconfig lo$n inet6 fc00::$n:$i alias
 	${SUDO} /sbin/route -n -T $n add -inet6 -blackhole -mpath -host \
 	    fc00::$n:0:0 fc00::$n:$i
@@ -94,7 +95,7 @@ unconfig:
 	# Destroy interfaces.
 .for n in ${NUMS}
 	-${SUDO} /sbin/ifconfig lo$n rdomain $n
-.for i in 0 1 2 3 4 5 6 7 8 9
+.for i in ${IPS}
 	-${SUDO} /sbin/route -n -T $n delete -inet6 -host \
 	    fc00::$n:0:0 fc00::$n:$i
 	-${SUDO} /sbin/route -n -T $n delete -inet -host \
@@ -109,7 +110,7 @@ REGRESS_TARGETS +=	run-netcat
 run-netcat netstat.log:
 	# count UDP IPv6 packets used with multipath routes
 	rm -f netstat.log
-.for i in 0 1 2 3 4 5 6 7 8 9
+.for i in ${IPS}
 	/usr/bin/nc -4 -V${N1} -u -z -s10.0.${N1}.$i 10.${N1}.0.0 discard
 .endfor
 	/usr/bin/netstat -T${N1} -f inet -rn >netstat.log
@@ -126,10 +127,10 @@ run-netstat: netstat.log
 	    }\
 	    END{\
 		print "mpath "mpath", uses "uses", max "max", used "used;\
-		if (mpath != 10) { print "not 10 mpath: " mpath; exit 1; }\
-		if (uses != 10) { print "not 10 uses: " uses; exit 1; }\
-		if (max > 5) { print "max more than 5: " max; exit 1; }\
-		if (used < 5) { print "used less than 5: " used; exit 1; }\
+		if (mpath != 100) { print "not 100 mpath: " mpath; exit 1; }\
+		if (uses != 100) { print "not 100 uses: " uses; exit 1; }\
+		if (max > 30) { print "max more than 30: " max; exit 1; }\
+		if (used < 50) { print "used less than 50: " used; exit 1; }\
 	    }' \
 	    netstat.log
 
@@ -137,7 +138,7 @@ REGRESS_TARGETS +=	run-netcat6
 run-netcat6 netstat6.log:
 	# count UDP IPv6 packets used with multipath routes
 	rm -f netstat6.log
-.for i in 0 1 2 3 4 5 6 7 8 9
+.for i in ${IPS}
 	/usr/bin/nc -6 -V${N1} -u -z -sfc00::${N1}:$i fc00::${N1}:0:0 discard
 .endfor
 	/usr/bin/netstat -T${N1} -f inet6 -rn >netstat6.log
@@ -154,10 +155,10 @@ run-netstat6: netstat6.log
 	    }\
 	    END{\
 		print "mpath "mpath", uses "uses", max "max", used "used;\
-		if (mpath != 10) { print "not 10 mpath: " mpath; exit 1; }\
-		if (uses != 10) { print "not 10 uses: " uses; exit 1; }\
-		if (max > 5) { print "max more than 5: " max; exit 1; }\
-		if (used < 5) { print "used less than 5: " used; exit 1; }\
+		if (mpath != 100) { print "not 100 mpath: " mpath; exit 1; }\
+		if (uses != 100) { print "not 100 uses: " uses; exit 1; }\
+		if (max > 30) { print "max more than 30: " max; exit 1; }\
+		if (used < 50) { print "used less than 50: " used; exit 1; }\
 	    }' \
 	    netstat6.log
 

sys/dev/pci/drm/amd/amdgpu/amdgpu_devlist.h

@@ -215,6 +215,9 @@ static const struct pci_matchid amdgpu_devices[] = {
 	/* GC 11.0.1, DCN 3.1.4, APU, Ryzen 7040 "Phoenix" */
 	{0x1002, 0x15bf },	/* Radeon 740M / 760M / 780M */
 
+	/* GC 11.0.1, DCN 3.1.4, APU, Ryzen 8040 "Hawk Point" */
+	{0x1002, 0x1900 },	/* Radeon 760M / 780M */
+
 	/* GC 11.0.2, DCN 3.2.1, dGPU, "Navi 33" */
 	{0x1002, 0x7480 },	/* Radeon RX 7600S, 7700S, 7600M XT,
 				   7600, 7600 XT, Pro W7600 */
@@ -225,9 +228,12 @@ static const struct pci_matchid amdgpu_devices[] = {
 	{0x1002, 0x7470 },	/* Radeon Pro W7700 */
 	{0x1002, 0x747e },	/* Radeon RX 7700 XT, 7800 XT */
 
-	/* GC 11.0.4, DCN 3.1.4, APU, "Phoenix 2" */
+	/* GC 11.0.4, DCN 3.1.4, APU, Ryzen 7040, "Phoenix" */
 	{0x1002, 0x15c8 },	/* Radeon 740M */
 
+	/* GC 11.0.4, DCN 3.1.4, APU, Ryzen 8040, "Hawk Point" */
+	{0x1002, 0x1901 },	/* Radeon 740M */
+
 	/* GC 11.5.0, DCN 3.5.0, APU, linux >= 6.7 */
 	/* GC 11.5.1, DCN 3.5.0, APU, linux >= 6.9 */
 };

sys/dev/pci/pcidevs

@@ -1,4 +1,4 @@
-$OpenBSD: pcidevs,v 1.2073 2024/04/09 01:22:19 jsg Exp $
+$OpenBSD: pcidevs,v 1.2074 2024/04/20 08:54:01 jsg Exp $
 /*	$NetBSD: pcidevs,v 1.30 1997/06/24 06:20:24 thorpej Exp $	*/
 
 /*
@@ -1326,8 +1326,8 @@ product ATI CYAN_SKILLFISH_2	0x143f	Cyan Skillfish
 product ATI PPB_1		0x1478	PCIE
 product ATI PPB_2		0x1479	PCIE
 product ATI MENDOCINO		0x1506	Mendocino
-product ATI PHOENIX		0x15bf	Phoenix
-product ATI PHOENIX2		0x15c8	Phoenix 2
+product ATI PHOENIX_1		0x15bf	Phoenix
+product ATI PHOENIX_2		0x15c8	Phoenix
 product ATI PICASSO		0x15d8	Picasso
 product ATI RAVEN_VEGA		0x15dd	Radeon Vega
 product ATI RAVEN_VEGA_HDA	0x15de	Radeon Vega HD Audio
@@ -1342,6 +1342,8 @@ product ATI YELLOW_CARP_1	0x164d	Rembrandt
 product ATI RAPHAEL		0x164e	Raphael
 product ATI YELLOW_CARP_2	0x1681	Rembrandt
 product ATI RADEON_HD6500D_HDA	0x1714	Radeon HD 6500D HD Audio
+product ATI HAWK_POINT_1	0x1900	Hawk Point
+product ATI HAWK_POINT_2	0x1901	Hawk Point
 product ATI RADEON_M241P	0x3150	Mobility Radeon X600
 product ATI FIREMV_2400_1	0x3151	FireMV 2400
 product ATI RADEON_X300M24	0x3152  Mobility Radeon X300

sys/dev/pci/pcidevs.h

@@ -2,7 +2,7 @@
  * THIS FILE AUTOMATICALLY GENERATED.  DO NOT EDIT.
  *
  * generated from:
- *	OpenBSD: pcidevs,v 1.2073 2024/04/09 01:22:19 jsg Exp 
+ *	OpenBSD: pcidevs,v 1.2074 2024/04/20 08:54:01 jsg Exp 
  */
 /*	$NetBSD: pcidevs,v 1.30 1997/06/24 06:20:24 thorpej Exp $	*/
 
@@ -1331,8 +1331,8 @@
 #define	PCI_PRODUCT_ATI_PPB_1	0x1478		/* PCIE */
 #define	PCI_PRODUCT_ATI_PPB_2	0x1479		/* PCIE */
 #define	PCI_PRODUCT_ATI_MENDOCINO	0x1506		/* Mendocino */
-#define	PCI_PRODUCT_ATI_PHOENIX	0x15bf		/* Phoenix */
-#define	PCI_PRODUCT_ATI_PHOENIX2	0x15c8		/* Phoenix 2 */
+#define	PCI_PRODUCT_ATI_PHOENIX_1	0x15bf		/* Phoenix */
+#define	PCI_PRODUCT_ATI_PHOENIX_2	0x15c8		/* Phoenix */
 #define	PCI_PRODUCT_ATI_PICASSO	0x15d8		/* Picasso */
 #define	PCI_PRODUCT_ATI_RAVEN_VEGA	0x15dd		/* Radeon Vega */
 #define	PCI_PRODUCT_ATI_RAVEN_VEGA_HDA	0x15de		/* Radeon Vega HD Audio */
@@ -1347,6 +1347,8 @@
 #define	PCI_PRODUCT_ATI_RAPHAEL	0x164e		/* Raphael */
 #define	PCI_PRODUCT_ATI_YELLOW_CARP_2	0x1681		/* Rembrandt */
 #define	PCI_PRODUCT_ATI_RADEON_HD6500D_HDA	0x1714		/* Radeon HD 6500D HD Audio */
+#define	PCI_PRODUCT_ATI_HAWK_POINT_1	0x1900		/* Hawk Point */
+#define	PCI_PRODUCT_ATI_HAWK_POINT_2	0x1901		/* Hawk Point */
 #define	PCI_PRODUCT_ATI_RADEON_M241P	0x3150		/* Mobility Radeon X600 */
 #define	PCI_PRODUCT_ATI_FIREMV_2400_1	0x3151		/* FireMV 2400 */
 #define	PCI_PRODUCT_ATI_RADEON_X300M24	0x3152		/* Mobility Radeon X300 */

sys/dev/pci/pcidevs_data.h

@@ -2,7 +2,7 @@
  * THIS FILE AUTOMATICALLY GENERATED.  DO NOT EDIT.
  *
  * generated from:
- *	OpenBSD: pcidevs,v 1.2073 2024/04/09 01:22:19 jsg Exp 
+ *	OpenBSD: pcidevs,v 1.2074 2024/04/20 08:54:01 jsg Exp 
  */
 
 /*	$NetBSD: pcidevs,v 1.30 1997/06/24 06:20:24 thorpej Exp $	*/
@@ -3436,12 +3436,12 @@ static const struct pci_known_product pci_known_products[] = {
 	    "Mendocino",
 	},
 	{
-	    PCI_VENDOR_ATI, PCI_PRODUCT_ATI_PHOENIX,
+	    PCI_VENDOR_ATI, PCI_PRODUCT_ATI_PHOENIX_1,
 	    "Phoenix",
 	},
 	{
-	    PCI_VENDOR_ATI, PCI_PRODUCT_ATI_PHOENIX2,
-	    "Phoenix 2",
+	    PCI_VENDOR_ATI, PCI_PRODUCT_ATI_PHOENIX_2,
+	    "Phoenix",
 	},
 	{
 	    PCI_VENDOR_ATI, PCI_PRODUCT_ATI_PICASSO,
@@ -3499,6 +3499,14 @@ static const struct pci_known_product pci_known_products[] = {
 	    PCI_VENDOR_ATI, PCI_PRODUCT_ATI_RADEON_HD6500D_HDA,
 	    "Radeon HD 6500D HD Audio",
 	},
+	{
+	    PCI_VENDOR_ATI, PCI_PRODUCT_ATI_HAWK_POINT_1,
+	    "Hawk Point",
+	},
+	{
+	    PCI_VENDOR_ATI, PCI_PRODUCT_ATI_HAWK_POINT_2,
+	    "Hawk Point",
+	},
 	{
 	    PCI_VENDOR_ATI, PCI_PRODUCT_ATI_RADEON_M241P,
 	    "Mobility Radeon X600",

usr.sbin/rpki-client/mft.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: mft.c,v 1.112 2024/02/22 12:49:42 job Exp $ */
+/*	$OpenBSD: mft.c,v 1.113 2024/04/20 15:45:41 job Exp $ */
 /*
  * Copyright (c) 2022 Theo Buehler <tb@openbsd.org>
  * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
@@ -201,8 +201,17 @@ mft_parse_filehash(const char *fn, struct mft *mft, const FileAndHash *fh,
 	}
 
 	type = rtype_from_mftfile(file);
-	/* remember the filehash for the CRL in struct mft */
-	if (type == RTYPE_CRL && strcmp(file, mft->crl) == 0) {
+	if (type == RTYPE_CRL) {
+		if (*found_crl == 1) {
+			warnx("%s: RFC 6487: too many CRLs listed on MFT", fn);
+			goto out;
+		}
+		if (strcmp(file, mft->crl) != 0) {
+			warnx("%s: RFC 6487: name (%s) doesn't match CRLDP "
+			    "(%s)", fn, file, mft->crl);
+			goto out;
+		}
+		/* remember the filehash for the CRL in struct mft */
 		memcpy(mft->crlhash, fh->hash->data, SHA256_DIGEST_LENGTH);
 		*found_crl = 1;
 	}