sync code with last improvements from OpenBSD

lib/libcrypto/man/ASIdentifiers_new.3

@@ -1,6 +1,6 @@
-.\" $OpenBSD: ASIdentifiers_new.3,v 1.9 2023/09/29 08:57:49 tb Exp $
+.\" $OpenBSD: ASIdentifiers_new.3,v 1.11 2023/09/30 18:16:44 tb Exp $
 .\"
-.\" Copyright (c) 2021 Theo Buehler <tb@openbsd.org>
+.\" Copyright (c) 2023 Theo Buehler <tb@openbsd.org>
 .\"
 .\" Permission to use, copy, modify, and distribute this software for any
 .\" purpose with or without fee is hereby granted, provided that the above
@@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: September 29 2023 $
+.Dd $Mdocdate: September 30 2023 $
 .Dt ASIDENTIFIERS_NEW 3
 .Os
 .Sh NAME
@@ -95,14 +95,14 @@ returns a new
 .Vt ASIdentifiers
 object or
 .Dv NULL
-on if an error occurs.
+if an error occurs.
 .Pp
 .Fn d2i_ASIdentifiers
 returns an
 .Vt ASIdentifiers
 object or
 .Dv NULL
-on if a decoding or memory allocation error occurs.
+if a decoding or memory allocation error occurs.
 .Pp
 .Fn i2d_ASIdentifiers
 returns the number of bytes successfully encoded

lib/libcrypto/man/IPAddressRange_new.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: IPAddressRange_new.3,v 1.5 2023/09/28 12:35:31 tb Exp $
+.\" $OpenBSD: IPAddressRange_new.3,v 1.6 2023/09/30 13:58:29 schwarze Exp $
 .\"
 .\" Copyright (c) 2023 Theo Buehler <tb@openbsd.org>
 .\"
@@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: September 28 2023 $
+.Dd $Mdocdate: September 30 2023 $
 .Dt IPADDRESSRANGE_NEW 3
 .Os
 .Sh NAME
@@ -240,7 +240,7 @@ typedef STACK_OF(IPAddressOrRange) IPAddressOrRanges;
 Since an
 .Vt IPAddressOrRanges
 object should be sorted in a specific way (see
-.Xr X509v3_addr_canonize 3 Ns ),
+.Xr X509v3_addr_canonize 3 ) ,
 a comparison function is needed for a correct instantiation
 with
 .Xr sk_new 3 .
@@ -383,7 +383,7 @@ and related functions.
 .Fn i2d_IPAddressChoice ,
 .Fn d2i_IPAddressFamily ,
 and
-.Fn i2d_IPAddressFamily ,
+.Fn i2d_IPAddressFamily
 decode and encode ASN.1
 .Vt IPAddressRange ,
 .Vt IPAddressOrRange ,
@@ -428,12 +428,12 @@ object with allocated, empty members, or
 .Dv NULL
 if an error occurs.
 .Pp
-The encoding functions
+The decoding functions
 .Fn d2i_IPAddressRange ,
 .Fn d2i_IPAddressOrRange ,
 .Fn d2i_IPAddressChoice ,
 and
-.Fn d2i_IPAddressFamily ,
+.Fn d2i_IPAddressFamily
 return an
 .Vt IPAddressRange ,
 an
@@ -452,7 +452,7 @@ The encoding functions
 .Fn i2d_IPAddressOrRange ,
 .Fn i2d_IPAddressChoice ,
 and
-.Fn i2d_IPAddressFamily ,
+.Fn i2d_IPAddressFamily
 return the number of bytes successfully encoded
 or a value <= 0 if an error occurs.
 .Sh SEE ALSO

lib/libcrypto/man/X509v3_addr_add_inherit.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: X509v3_addr_add_inherit.3,v 1.7 2023/09/29 08:57:49 tb Exp $
+.\" $OpenBSD: X509v3_addr_add_inherit.3,v 1.9 2023/09/30 16:01:18 tb Exp $
 .\"
 .\" Copyright (c) 2023 Theo Buehler <tb@openbsd.org>
 .\"
@@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: September 29 2023 $
+.Dd $Mdocdate: September 30 2023 $
 .Dt X509V3_ADDR_ADD_INHERIT 3
 .Os
 .Sh NAME
@@ -128,9 +128,11 @@ the call fails.
 is expected to be a byte array in network byte order.
 It should point at enough memory to accommodate
 .Fa prefixlen
-bits and it is recommended that all the bits not covered by
-the prefixlen be set to 0.
-It is the caller's responsibility to ensure that the prefix
+bits and it is recommended that all the bits not covered by the
+.Fa prefixlen
+be set to 0.
+It is the caller's responsibility to ensure that the
+.Fa prefix
 has no address in common with any of
 the prefixes or ranges already in the list.
 If
@@ -281,7 +283,7 @@ hexdump(const unsigned char *buf, size_t len)
 	size_t i;
 
 	for (i = 1; i <= len; i++)
-		printf(" 0x%02x,%s", buf[i - 1], i % 8 ? "" : "\en");
+		printf(" 0x%02x,%s", buf[i \- 1], i % 8 ? "" : "\en");
 	if (len % 8)
 		printf("\en");
 }
@@ -295,7 +297,7 @@ main(void)
 	int der_len;
 	size_t i;
 
-	if (pledge("stdio", NULL) == -1)
+	if (pledge("stdio", NULL) == \-1)
 		err(1, "pledge");
 
 	/*
@@ -319,7 +321,7 @@ main(void)
 
 		len = inet_net_pton(AF_INET, prefixes[i], addr,
 		    sizeof(addr));
-		if (len == -1)
+		if (len == \-1)
 			errx(1, "inet_net_pton(%s)", prefixes[i]);
 		if (!X509v3_addr_add_prefix(addrblocks, IANA_AFI_IPV4,
 		    &unicast, addr, len))
@@ -373,7 +375,7 @@ d2i_IPAddrBlocks(IPAddrBlocks **addrblocks, const unsigned char **in,
 	if ((v3_addr = X509V3_EXT_get_nid(NID_sbgp_ipAddrBlock)) == NULL)
 		return NULL;
 	return (IPAddrBlocks *)ASN1_item_d2i((ASN1_VALUE **)addrblocks,
-	    in, len, ASN1_ITEM_ptr(v3_addr->it));
+	    in, len, ASN1_ITEM_ptr(v3_addr\->it));
 }
 
 int
@@ -382,9 +384,9 @@ i2d_IPAddrBlocks(IPAddrBlocks *addrblocks, unsigned char **out)
 	const X509V3_EXT_METHOD *v3_addr;
 
 	if ((v3_addr = X509V3_EXT_get_nid(NID_sbgp_ipAddrBlock)) == NULL)
-		return -1;
+		return \-1;
 	return ASN1_item_i2d((ASN1_VALUE *)addrblocks, out,
-	    ASN1_ITEM_ptr(v3_addr->it));
+	    ASN1_ITEM_ptr(v3_addr\->it));
 }
 .Ed
 .Pp
@@ -415,12 +417,12 @@ RFC 7249: Internet Number Registries
 .Pp
 .Rs
 .%T Address Family Numbers
-.%U https://www.iana.org/assignments/address-family-numbers
+.%U https://www.iana.org/assignments/address\-family\-numbers
 .Re
 .Pp
 .Rs
 .%T Subsequent Address Family Identifiers (SAFI) Parameters
-.%U https://www.iana.org/assignments/safi-namespace
+.%U https://www.iana.org/assignments/safi\-namespace
 .Re
 .Sh HISTORY
 These functions first appeared in OpenSSL 0.9.8e
@@ -441,7 +443,7 @@ with public API.
 .Fn X509v3_addr_add_range
 should check for inverted range bounds and overlaps
 on insertion and fail instead of creating a nonsensical
-.Fa addr
+.Fa addrblocks
 that fails to be canonized by
 .Fn X509v3_addr_canonize .
 .Pp

lib/libcrypto/man/X509v3_addr_get_range.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: X509v3_addr_get_range.3,v 1.1 2023/09/26 18:35:34 tb Exp $
+.\" $OpenBSD: X509v3_addr_get_range.3,v 1.2 2023/09/30 14:12:40 schwarze Exp $
 .\"
 .\" Copyright (c) 2023 Theo Buehler <tb@openbsd.org>
 .\"
@@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: September 26 2023 $
+.Dd $Mdocdate: September 30 2023 $
 .Dt X509V3_ADDR_GET_RANGE 3
 .Os
 .Sh NAME
@@ -53,15 +53,13 @@ The
 .Fa length
 must be large enough to accommodate an address for
 .Fa afi ,
-which for
-.Dv IANA_AFI_IPV4 ,
-is at least 4,
-and for
-.Dv IANA_AFI_IPV6
-at least 16.
+which is at least 4 for
+.Dv IANA_AFI_IPV4
+and at least 16 for
+.Dv IANA_AFI_IPV6 .
 .Sh RETURN VALUES
 .Fn X509v3_addr_get_afi
-returns the afi encoded in
+returns the AFI encoded in
 .Fa af
 or 0 if
 .Fa af

lib/libcrypto/man/X509v3_addr_inherits.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: X509v3_addr_inherits.3,v 1.2 2023/09/27 08:46:46 tb Exp $
+.\" $OpenBSD: X509v3_addr_inherits.3,v 1.3 2023/09/30 14:21:57 schwarze Exp $
 .\"
 .\" Copyright (c) 2023 Theo Buehler <tb@openbsd.org>
 .\"
@@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: September 27 2023 $
+.Dd $Mdocdate: September 30 2023 $
 .Dt X509V3_ADDR_INHERITS 3
 .Os
 .Sh NAME
@@ -65,9 +65,7 @@ or the
 lists has
 .Fa type
 .Dv ASIdentifierChoice_inherit .
-Otherwise
-.Fn X509v3_asid_inherits 3
-returns 0.
+Otherwise it returns 0.
 .Sh SEE ALSO
 .Xr ASIdentifiers_new 3 ,
 .Xr ASRange_new 3 ,
@@ -102,5 +100,5 @@ There is no API that determines whether all lists contained in an
 .Vt ASIdentifiers
 or an
 .Vt IPAddrBlocks
-objects inherit.
+object inherit.
 See RFC 9287, 5.1.2 for an example where this is relevant.

lib/libcrypto/man/X509v3_addr_subset.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: X509v3_addr_subset.3,v 1.1 2023/09/28 12:36:36 tb Exp $
+.\" $OpenBSD: X509v3_addr_subset.3,v 1.2 2023/09/30 14:24:00 schwarze Exp $
 .\"
 .\" Copyright (c) 2023 Theo Buehler <tb@openbsd.org>
 .\"
@@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: September 28 2023 $
+.Dd $Mdocdate: September 30 2023 $
 .Dt X509V3_ADDR_SUBSET 3
 .Os
 .Sh NAME
@@ -62,12 +62,12 @@ then
 .Fa child
 is a subset of
 .Fa parent .
-(In particular, a
+In particular, a
 .Dv NULL
 .Fa parent
 is allowed for a
 .Dv NULL
-.Fa child Ns .)
+.Fa child .
 .It
 If
 .Fa parent
@@ -159,7 +159,7 @@ If both
 and
 .Fa parent
 are in canonical form,
-they cannot fail.
+these functions cannot fail.
 .Sh SEE ALSO
 .Xr ASIdentifiers_new 3 ,
 .Xr ASRange_new 3 ,

lib/libcrypto/man/X509v3_addr_validate_path.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: X509v3_addr_validate_path.3,v 1.3 2023/09/29 15:41:06 tb Exp $
+.\" $OpenBSD: X509v3_addr_validate_path.3,v 1.5 2023/09/30 19:07:38 tb Exp $
 .\"
 .\" Copyright (c) 2023 Theo Buehler <tb@openbsd.org>
 .\"
@@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: September 29 2023 $
+.Dd $Mdocdate: September 30 2023 $
 .Dt X509V3_ADDR_VALIDATE_PATH 3
 .Os
 .Sh NAME
@@ -31,7 +31,7 @@
 .Fo X509v3_addr_validate_resource_set
 .Fa "STACK_OF(X509) *chain"
 .Fa "IPAddrBlocks *addrblocks"
-.Fa "int allow_inheritance"
+.Fa "int allow_inherit"
 .Fc
 .Ft int
 .Fn X509v3_asid_validate_path "X509_STORE_CTX *ctx"
@@ -39,7 +39,7 @@
 .Fo X509v3_asid_validate_resource_set
 .Fa "STACK_OF(X509) *chain"
 .Fa "ASIdentifiers *asid"
-.Fa "int allow_inheritance"
+.Fa "int allow_inherit"
 .Fc
 .Sh DESCRIPTION
 Both RFC 3779 extensions require additional checking in the certification
@@ -49,19 +49,18 @@ path validation.
 The initial set of allowed IP address and AS number resources is defined in
 the trust anchor, where inheritance is not allowed.
 .It
-All IP address delegation or AS number delegation extensions
+An issuer may only delegate subsets of resources present in its
+RFC 3779 extensions or subsets of resources inherited from its issuer.
+.It
+If an RFC 3779 extension is present in a certificate,
+the same type of extension must also be present in its issuer.
+.It
+All RFC 3779 extensions
 appearing in the validation path must be in canonical form
 according to
 .Xr X509v3_addr_is_canonical 3
 and
 .Xr X509v3_asid_is_canonical 3 .
-.It
-If the IP address delegation extension is present in a certificate,
-it must also be present in its issuer.
-Similarly for the AS identifiers delegation extension.
-.It
-An issuer may only delegate subsets of resources present in its
-RFC 3779 extensions or subsets of resources inherited from its issuer.
 .El
 .Pp
 .Fn X509v3_addr_validate_path
@@ -157,7 +156,7 @@ is
 .Dv NULL
 or empty.
 If
-.Fa allow_inheritance
+.Fa allow_inherit
 is 0,
 .Fa addrblocks
 or

lib/libcrypto/man/X509v3_asid_add_id_or_range.3

@@ -1,6 +1,6 @@
-.\" $OpenBSD: X509v3_asid_add_id_or_range.3,v 1.7 2023/09/29 08:57:49 tb Exp $
+.\" $OpenBSD: X509v3_asid_add_id_or_range.3,v 1.9 2023/09/30 18:16:44 tb Exp $
 .\"
-.\" Copyright (c) 2021-2023 Theo Buehler <tb@openbsd.org>
+.\" Copyright (c) 2023 Theo Buehler <tb@openbsd.org>
 .\"
 .\" Permission to use, copy, modify, and distribute this software for any
 .\" purpose with or without fee is hereby granted, provided that the above
@@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: September 29 2023 $
+.Dd $Mdocdate: September 30 2023 $
 .Dt X509V3_ASID_ADD_ID_OR_RANGE 3
 .Os
 .Sh NAME
@@ -163,6 +163,7 @@ Ranges must not overlap,
 .\" contain at least two elements,
 and adjacent ranges must be fully merged.
 .El
+.Pp
 .Fn X509v3_asid_canonize
 merges adjacent ranges
 but refuses to merge overlapping ranges or to discard duplicates.
@@ -286,8 +287,12 @@ arguments on failure.
 .Pp
 RFC 3779 does not explicitly disallow ranges where the minimum
 is equal to the maximum.
-The isolated AS identifier a and
-the AS range [a,a] where the minimum and the maximum are equal to a
+The isolated AS identifier
+.Fa min
+and the AS range
+.Bq Fa min , Ns Fa min
+where the minimum and the maximum are equal to
+.Fa min
 have the same semantics.
 .Fn X509v3_asid_is_canonical
 accepts both representations as valid and

usr.bin/kdump/kdump.1

@@ -1,4 +1,4 @@
-.\"	$OpenBSD: kdump.1,v 1.37 2023/04/17 05:43:12 jmc Exp $
+.\"	$OpenBSD: kdump.1,v 1.38 2023/09/30 13:03:40 naddy Exp $
 .\"
 .\" Copyright (c) 1990, 1993
 .\"	The Regents of the University of California.  All rights reserved.
@@ -29,7 +29,7 @@
 .\"
 .\"	from: @(#)kdump.1	8.1 (Berkeley) 6/6/93
 .\"
-.Dd $Mdocdate: April 17 2023 $
+.Dd $Mdocdate: September 30 2023 $
 .Dt KDUMP 1
 .Os
 .Sh NAME
@@ -100,13 +100,39 @@ Display absolute timestamps for each entry (seconds since the Epoch).
 If both options are specified, display timestamps relative to trace start.
 .It Fl t Ar trstr
 Select which tracepoints to display.
-The argument can contain one or more of the letters
-.Cm cinpstuxX+ .
-See the
-.Fl t
-option of
-.Xr ktrace 1
-for the meaning of the letters.
+The argument can contain one or more of the following letters.
+By default all trace points except for
+.Cm X
+are enabled.
+.Pp
+.Bl -tag -width flag -offset indent -compact
+.\" Keep this list in sync with ktrace(1) and ltrace(1).
+.It Cm c
+trace system calls
+.It Cm i
+trace I/O
+.It Cm n
+trace namei translations
+.It Cm p
+trace violation of
+.Xr pledge 2
+restrictions
+.It Cm s
+trace signal processing
+.It Cm t
+trace various structures
+.It Cm u
+trace user data coming from
+.Xr utrace 2
+.It Cm x
+trace argument vector in
+.Xr execve 2
+.It Cm X
+trace environment in
+.Xr execve 2
+.It Cm +
+trace the default points
+.El
 .It Fl u Ar label
 Display
 .Xr utrace 2

usr.bin/ktrace/ktrace.1

@@ -1,4 +1,4 @@
-.\"	$OpenBSD: ktrace.1,v 1.32 2022/07/30 07:19:30 jsg Exp $
+.\"	$OpenBSD: ktrace.1,v 1.33 2023/09/30 13:03:40 naddy Exp $
 .\"
 .\" Copyright (c) 1990, 1993
 .\"	The Regents of the University of California.  All rights reserved.
@@ -29,7 +29,7 @@
 .\"
 .\"	from: @(#)ktrace.1	8.1 (Berkeley) 6/6/93
 .\"
-.Dd $Mdocdate: July 30 2022 $
+.Dd $Mdocdate: September 30 2023 $
 .Dt KTRACE 1
 .Os
 .Sh NAME
@@ -119,6 +119,7 @@ By default all trace points except for
 are enabled.
 .Pp
 .Bl -tag -width flag -offset indent -compact
+.\" Keep this list in sync with kdump(1) and ltrace(1).
 .It Cm c
 trace system calls
 .It Cm i

usr.bin/ktrace/ltrace.1

@@ -1,4 +1,4 @@
-.\"	$OpenBSD: ltrace.1,v 1.10 2016/07/18 09:36:50 guenther Exp $
+.\"	$OpenBSD: ltrace.1,v 1.11 2023/09/30 13:03:40 naddy Exp $
 .\"
 .\" Copyright (c) 2013 Miodrag Vallat.
 .\"
@@ -43,7 +43,7 @@
 .\"
 .\"	from: @(#)ktrace.1	8.1 (Berkeley) 6/6/93
 .\"
-.Dd $Mdocdate: July 18 2016 $
+.Dd $Mdocdate: September 30 2023 $
 .Dt LTRACE 1
 .Os
 .Sh NAME
@@ -107,6 +107,7 @@ The default is just
 The following table equates the letters with the trace points:
 .Pp
 .Bl -tag -width flag -offset indent -compact
+.\" Keep this list in sync with kdump(1) and ktrace(1).
 .It Cm c
 trace system calls
 .It Cm i