SecBSD/src
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

sync with OpenBSD -current

Browse Source
This commit is contained in:
purplerain 2024-02-02 01:54:27 +00:00
parent 6d4aa64db6
commit 037d8115db
Signed by: purplerain
GPG Key ID: F42C07F07E2E35B7
22 changed files with 600 additions and 957 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

71
lib/libcrypto/bio/b_dump.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: b_dump.c,v 1.26 2023/07/29 02:32:00 tb Exp $ */
/* $OpenBSD: b_dump.c,v 1.27 2024/02/01 17:04:09 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -64,21 +64,14 @@
#include <string.h>
#include <openssl/bio.h>
#include <openssl/err.h>
#define TRUNCATE
#define DUMP_WIDTH 16
#define DUMP_WIDTH_LESS_INDENT(i) (DUMP_WIDTH - ((i - (i > 6 ? 6 : i) + 3) / 4))
int
BIO_dump_cb(int (*cb)(const void *data, size_t len, void *u),
void *u, const char *s, int len)
{
return BIO_dump_indent_cb(cb, u, s, len, 0);
}
int
BIO_dump_indent_cb(int (*cb)(const void *data, size_t len, void *u),
void *u, const char *s, int len, int indent)
BIO_dump_indent(BIO *bio, const char *s, int len, int indent)
{
char buf[288 + 1], tmp[20], str[128 + 1];
int i, j, rows, trc, written;
@ -132,7 +125,7 @@ BIO_dump_indent_cb(int (*cb)(const void *data, size_t len, void *u),
/* if this is the last call then update the ddt_dump thing so
* that we will move the selection point in the debug window
*/
if ((written = cb((void *)buf, strlen(buf), u)) < 0)
if ((written = BIO_write(bio, buf, strlen(buf))) < 0)
return -1;
ret += written;
@ -141,50 +134,54 @@ BIO_dump_indent_cb(int (*cb)(const void *data, size_t len, void *u),
if (trc > 0) {
snprintf(buf, sizeof buf, "%s%04x - <SPACES/NULS>\n",
str, len + trc);
if ((written = cb((void *)buf, strlen(buf), u)) < 0)
if ((written = BIO_write(bio, buf, strlen(buf))) < 0)
return -1;
ret += written;
}
#endif
return (ret);
}
LCRYPTO_ALIAS(BIO_dump_indent);
static int
write_fp(const void *data, size_t len, void *fp)
int
BIO_dump(BIO *bio, const char *s, int len)
{
return fwrite(data, 1, len, fp);
return BIO_dump_indent(bio, s, len, 0);
}
LCRYPTO_ALIAS(BIO_dump);
/*
* XXX - remove the functions below in the next major bump.
*/
int
BIO_dump_cb(int (*cb)(const void *data, size_t len, void *u),
void *u, const char *s, int len)
{
BIOerror(ERR_R_DISABLED);
return -1;
}
int
BIO_dump_indent_cb(int (*cb)(const void *data, size_t len, void *u),
void *u, const char *s, int len, int indent)
{
BIOerror(ERR_R_DISABLED);
return -1;
}
int
BIO_dump_fp(FILE *fp, const char *s, int len)
{
return BIO_dump_cb(write_fp, fp, s, len);
BIOerror(ERR_R_DISABLED);
return -1;
}
LCRYPTO_ALIAS(BIO_dump_fp);
int
BIO_dump_indent_fp(FILE *fp, const char *s, int len, int indent)
{
return BIO_dump_indent_cb(write_fp, fp, s, len, indent);
BIOerror(ERR_R_DISABLED);
return -1;
}
LCRYPTO_ALIAS(BIO_dump_indent_fp);
static int
write_bio(const void *data, size_t len, void *bp)
{
return BIO_write((BIO *)bp, (const char *)data, len);
}
int
BIO_dump(BIO *bp, const char *s, int len)
{
return BIO_dump_cb(write_bio, bp, s, len);
}
LCRYPTO_ALIAS(BIO_dump);
int
BIO_dump_indent(BIO *bp, const char *s, int len, int indent)
{
return BIO_dump_indent_cb(write_bio, bp, s, len, indent);
}
LCRYPTO_ALIAS(BIO_dump_indent);

209
lib/libcrypto/evp/evp_pbe.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: evp_pbe.c,v 1.40 2024/01/27 17:20:20 tb Exp $ */
/* $OpenBSD: evp_pbe.c,v 1.41 2024/02/01 17:11:58 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
@ -72,14 +72,12 @@
/* Password based encryption (PBE) functions */
struct pbe_config {
static const struct pbe_config {
int pbe_nid;
int cipher_nid;
int md_nid;
EVP_PBE_KEYGEN *keygen;
};
static const struct pbe_config pbe_outer[] = {
} pbe_outer[] = {
{
.pbe_nid = NID_pbeWithMD2AndDES_CBC,
.cipher_nid = NID_des_cbc,
@ -168,146 +166,28 @@ static const struct pbe_config pbe_outer[] = {
#define N_PBE_OUTER (sizeof(pbe_outer) / sizeof(pbe_outer[0]))
static const struct pbe_config pbe_prf[] = {
{
.pbe_nid = NID_hmacWithSHA1,
.cipher_nid = -1,
.md_nid = NID_sha1,
},
{
.pbe_nid = NID_hmacWithMD5,
.cipher_nid = -1,
.md_nid = NID_md5,
},
{
.pbe_nid = NID_hmacWithSHA224,
.cipher_nid = -1,
.md_nid = NID_sha224,
},
{
.pbe_nid = NID_hmacWithSHA256,
.cipher_nid = -1,
.md_nid = NID_sha256,
},
{
.pbe_nid = NID_hmacWithSHA384,
.cipher_nid = -1,
.md_nid = NID_sha384,
},
{
.pbe_nid = NID_hmacWithSHA512,
.cipher_nid = -1,
.md_nid = NID_sha512,
},
{
.pbe_nid = NID_id_HMACGostR3411_94,
.cipher_nid = -1,
.md_nid = NID_id_GostR3411_94,
},
{
.pbe_nid = NID_id_tc26_hmac_gost_3411_12_256,
.cipher_nid = -1,
.md_nid = NID_id_tc26_gost3411_2012_256,
},
{
.pbe_nid = NID_id_tc26_hmac_gost_3411_12_512,
.cipher_nid = -1,
.md_nid = NID_id_tc26_gost3411_2012_512,
},
{
.pbe_nid = NID_hmacWithSHA512_224,
.cipher_nid = -1,
.md_nid = NID_sha512_224,
},
{
.pbe_nid = NID_hmacWithSHA512_256,
.cipher_nid = -1,
.md_nid = NID_sha512_256,
},
{
.pbe_nid = NID_hmac_sha3_224,
.cipher_nid = -1,
.md_nid = NID_sha3_224,
},
{
.pbe_nid = NID_hmac_sha3_256,
.cipher_nid = -1,
.md_nid = NID_sha3_256,
},
{
.pbe_nid = NID_hmac_sha3_384,
.cipher_nid = -1,
.md_nid = NID_sha3_384,
},
{
.pbe_nid = NID_hmac_sha3_512,
.cipher_nid = -1,
.md_nid = NID_sha3_512,
},
};
#define N_PBE_PRF (sizeof(pbe_prf) / sizeof(pbe_prf[0]))
int
EVP_PBE_find(int type, int pbe_nid, int *out_cipher_nid, int *out_md_nid,
EVP_PBE_KEYGEN **out_keygen)
{
const struct pbe_config *pbe = NULL;
size_t i;
if (out_cipher_nid != NULL)
*out_cipher_nid = NID_undef;
if (out_md_nid != NULL)
*out_md_nid = NID_undef;
if (out_keygen != NULL)
*out_keygen = NULL;
if (pbe_nid == NID_undef)
return 0;
if (type == EVP_PBE_TYPE_OUTER) {
for (i = 0; i < N_PBE_OUTER; i++) {
if (pbe_nid == pbe_outer[i].pbe_nid) {
pbe = &pbe_outer[i];
break;
}
}
} else if (type == EVP_PBE_TYPE_PRF) {
for (i = 0; i < N_PBE_PRF; i++) {
if (pbe_nid == pbe_prf[i].pbe_nid) {
pbe = &pbe_prf[i];
break;
}
}
}
if (pbe == NULL)
return 0;
if (out_cipher_nid != NULL)
*out_cipher_nid = pbe->cipher_nid;
if (out_md_nid != NULL)
*out_md_nid = pbe->md_nid;
if (out_keygen != NULL)
*out_keygen = pbe->keygen;
return 1;
}
int
EVP_PBE_CipherInit(ASN1_OBJECT *pbe_obj, const char *pass, int passlen,
ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de)
{
const struct pbe_config *cfg = NULL;
const EVP_CIPHER *cipher = NULL;
const EVP_MD *md = NULL;
int pbe_nid, cipher_nid, md_nid;
EVP_PBE_KEYGEN *keygen;
int pbe_nid;
size_t i;
if ((pbe_nid = OBJ_obj2nid(pbe_obj)) == NID_undef) {
EVPerror(EVP_R_UNKNOWN_PBE_ALGORITHM);
return 0;
}
if (!EVP_PBE_find(EVP_PBE_TYPE_OUTER, pbe_nid, &cipher_nid, &md_nid,
&keygen)) {
for (i = 0; i < N_PBE_OUTER; i++) {
if (pbe_nid == pbe_outer[i].pbe_nid) {
cfg = &pbe_outer[i];
break;
}
}
if (cfg == NULL) {
EVPerror(EVP_R_UNKNOWN_PBE_ALGORITHM);
ERR_asprintf_error_data("NID=%d", pbe_nid);
return 0;
@ -318,20 +198,20 @@ EVP_PBE_CipherInit(ASN1_OBJECT *pbe_obj, const char *pass, int passlen,
if (passlen == -1)
passlen = strlen(pass);
if (cipher_nid != -1) {
if ((cipher = EVP_get_cipherbynid(cipher_nid)) == NULL) {
if (cfg->cipher_nid != -1) {
if ((cipher = EVP_get_cipherbynid(cfg->cipher_nid)) == NULL) {
EVPerror(EVP_R_UNKNOWN_CIPHER);
return 0;
}
}
if (md_nid != -1) {
if ((md = EVP_get_digestbynid(md_nid)) == NULL) {
if (cfg->md_nid != -1) {
if ((md = EVP_get_digestbynid(cfg->md_nid)) == NULL) {
EVPerror(EVP_R_UNKNOWN_DIGEST);
return 0;
}
}
if (!keygen(ctx, pass, passlen, param, cipher, md, en_de)) {
if (!cfg->keygen(ctx, pass, passlen, param, cipher, md, en_de)) {
EVPerror(EVP_R_KEYGEN_FAILURE);
return 0;
}
@ -575,6 +455,47 @@ PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
return ret;
}
static int
md_nid_from_prf_nid(int nid)
{
switch (nid) {
case NID_hmacWithMD5:
return NID_md5;
case NID_hmacWithSHA1:
return NID_sha1;
case NID_hmacWithSHA224:
return NID_sha224;
case NID_hmacWithSHA256:
return NID_sha256;
case NID_hmacWithSHA384:
return NID_sha384;
case NID_hmacWithSHA512:
return NID_sha512;
case NID_hmacWithSHA512_224:
return NID_sha512_224;
case NID_hmacWithSHA512_256:
return NID_sha512_256;
case NID_hmac_sha3_224:
return NID_sha3_224;
case NID_hmac_sha3_256:
return NID_sha3_256;
case NID_hmac_sha3_384:
return NID_sha3_384;
case NID_hmac_sha3_512:
return NID_sha3_512;
#ifndef OPENSSL_NO_GOST
case NID_id_HMACGostR3411_94:
return NID_id_GostR3411_94;
case NID_id_tc26_hmac_gost_3411_12_256:
return NID_id_tc26_gost3411_2012_256;
case NID_id_tc26_hmac_gost_3411_12_512:
return NID_id_tc26_gost3411_2012_512;
#endif
default:
return NID_undef;
}
}
int
PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
ASN1_TYPE *param, const EVP_CIPHER *c, const EVP_MD *md, int en_de)
@ -626,7 +547,7 @@ PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
else
prf_nid = NID_hmacWithSHA1;
if (!EVP_PBE_find(EVP_PBE_TYPE_PRF, prf_nid, NULL, &hmac_md_nid, NULL)) {
if ((hmac_md_nid = md_nid_from_prf_nid(prf_nid)) == NID_undef) {
EVPerror(EVP_R_UNSUPPORTED_PRF);
goto err;
}
@ -724,6 +645,14 @@ LCRYPTO_ALIAS(PKCS12_PBE_keyivgen);
* XXX - remove the functions below in the next major bump
*/
int
EVP_PBE_find(int type, int pbe_nid, int *out_cipher_nid, int *out_md_nid,
EVP_PBE_KEYGEN **out_keygen)
{
EVPerror(ERR_R_DISABLED);
return 0;
}
int
EVP_PBE_alg_add_type(int pbe_type, int pbe_nid, int cipher_nid, int md_nid,
EVP_PBE_KEYGEN *keygen)

14
lib/libcrypto/x509/x509_verify.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: x509_verify.c,v 1.67 2023/11/13 10:33:00 tb Exp $ */
/* $OpenBSD: x509_verify.c,v 1.68 2024/02/01 23:16:38 beck Exp $ */
/*
* Copyright (c) 2020-2021 Bob Beck <beck@openbsd.org>
*
@ -287,6 +287,18 @@ x509_verify_ctx_cert_is_root(struct x509_verify_ctx *ctx, X509 *cert,
/* Check by lookup if we have a legacy xsc */
if (ctx->xsc != NULL) {
/*
* "alternative" lookup method, using the "trusted" stack in the
* xsc as the source for roots.
*/
if (ctx->xsc->trusted != NULL) {
for (i = 0; i < sk_X509_num(ctx->xsc->trusted); i++) {
if (X509_cmp(sk_X509_value(ctx->xsc->trusted,
i), cert) == 0)
return x509_verify_check_chain_end(cert,
full_chain);
}
}
if ((match = x509_vfy_lookup_cert_match(ctx->xsc,
cert)) != NULL) {
X509_free(match);

9
usr.bin/aucat/aucat.c
View File

@ -220,7 +220,7 @@ static int
slot_new(char *path, int mode, struct aparams *par, int hdr,
int cmin, int cmax, int rate, int dup, int vol, long long pos)
{
struct slot *s;
struct slot *s, **ps;
s = xmalloc(sizeof(struct slot));
if (!afile_open(&s->afile, path, hdr,
@ -273,8 +273,10 @@ slot_new(char *path, int mode, struct aparams *par, int hdr,
}
log_puts("\n");
}
s->next = slot_list;
slot_list = s;
for (ps = &slot_list; *ps != NULL; ps = &(*ps)->next)
;
s->next = NULL;
*ps = s;
return 1;
}
@ -801,6 +803,7 @@ dev_slotvol(int midich, int val)
#endif
break;
}
midich--;
}
}

2
usr.bin/ssh/gss-genr.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: gss-genr.c,v 1.28 2021/01/27 10:05:28 djm Exp $ */
/* $OpenBSD: gss-genr.c,v 1.29 2024/02/01 02:37:33 djm Exp $ */
/*
* Copyright (c) 2001-2007 Simon Wilkinson. All rights reserved.

10
usr.bin/ssh/kex.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: kex.h,v 1.121 2023/12/18 14:45:49 djm Exp $ */
/* $OpenBSD: kex.h,v 1.122 2024/02/02 00:13:34 djm Exp $ */
/*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
@ -102,10 +102,10 @@ enum kex_exchange {
#define KEX_INIT_SENT 0x0001
#define KEX_INITIAL 0x0002
#define KEX_HAS_PUBKEY_HOSTBOUND 0x0004
#define KEX_RSA_SHA2_256_SUPPORTED 0x0008 /* only set in server for now */
#define KEX_RSA_SHA2_512_SUPPORTED 0x0010 /* only set in server for now */
#define KEX_HAS_PING 0x0020
#define KEX_HAS_EXT_INFO_IN_AUTH 0x0040
#define KEX_RSA_SHA2_256_SUPPORTED 0x0008 /* only set in server for now */
#define KEX_RSA_SHA2_512_SUPPORTED 0x0010 /* only set in server for now */
#define KEX_HAS_PING 0x0020
#define KEX_HAS_EXT_INFO_IN_AUTH 0x0040
struct sshenc {
char *name;

2
usr.bin/ssh/nchan.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: nchan.c,v 1.74 2022/02/01 23:32:51 djm Exp $ */
/* $OpenBSD: nchan.c,v 1.75 2024/02/01 02:37:33 djm Exp $ */
/*
* Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved.
*

2
usr.bin/ssh/session.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: session.c,v 1.336 2023/08/10 23:05:48 djm Exp $ */
/* $OpenBSD: session.c,v 1.337 2024/02/01 02:37:33 djm Exp $ */
/*
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved

44
usr.bin/ssh/sftp.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: sftp.c,v 1.236 2023/09/10 23:12:32 djm Exp $ */
/* $OpenBSD: sftp.c,v 1.237 2024/02/01 02:37:33 djm Exp $ */
/*
* Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org>
*
@ -156,24 +156,24 @@ struct CMD {
#define LOCAL 2
static const struct CMD cmds[] = {
{ "bye", I_QUIT, NOARGS, NOARGS },
{ "cd", I_CHDIR, REMOTE, NOARGS },
{ "chdir", I_CHDIR, REMOTE, NOARGS },
{ "chgrp", I_CHGRP, REMOTE, NOARGS },
{ "chmod", I_CHMOD, REMOTE, NOARGS },
{ "chown", I_CHOWN, REMOTE, NOARGS },
{ "copy", I_COPY, REMOTE, LOCAL },
{ "cp", I_COPY, REMOTE, LOCAL },
{ "df", I_DF, REMOTE, NOARGS },
{ "dir", I_LS, REMOTE, NOARGS },
{ "exit", I_QUIT, NOARGS, NOARGS },
{ "get", I_GET, REMOTE, LOCAL },
{ "help", I_HELP, NOARGS, NOARGS },
{ "bye", I_QUIT, NOARGS, NOARGS },
{ "cd", I_CHDIR, REMOTE, NOARGS },
{ "chdir", I_CHDIR, REMOTE, NOARGS },
{ "chgrp", I_CHGRP, REMOTE, NOARGS },
{ "chmod", I_CHMOD, REMOTE, NOARGS },
{ "chown", I_CHOWN, REMOTE, NOARGS },
{ "copy", I_COPY, REMOTE, LOCAL },
{ "cp", I_COPY, REMOTE, LOCAL },
{ "df", I_DF, REMOTE, NOARGS },
{ "dir", I_LS, REMOTE, NOARGS },
{ "exit", I_QUIT, NOARGS, NOARGS },
{ "get", I_GET, REMOTE, LOCAL },
{ "help", I_HELP, NOARGS, NOARGS },
{ "lcd", I_LCHDIR, LOCAL, NOARGS },
{ "lchdir", I_LCHDIR, LOCAL, NOARGS },
{ "lls", I_LLS, LOCAL, NOARGS },
{ "lmkdir", I_LMKDIR, LOCAL, NOARGS },
{ "ln", I_LINK, REMOTE, REMOTE },
{ "ln", I_LINK, REMOTE, REMOTE },
{ "lpwd", I_LPWD, LOCAL, NOARGS },
{ "ls", I_LS, REMOTE, NOARGS },
{ "lumask", I_LUMASK, NOARGS, NOARGS },
@ -182,17 +182,17 @@ static const struct CMD cmds[] = {
{ "mput", I_PUT, LOCAL, REMOTE },
{ "progress", I_PROGRESS, NOARGS, NOARGS },
{ "put", I_PUT, LOCAL, REMOTE },
{ "pwd", I_PWD, REMOTE, NOARGS },
{ "quit", I_QUIT, NOARGS, NOARGS },
{ "reget", I_REGET, REMOTE, LOCAL },
{ "rename", I_RENAME, REMOTE, REMOTE },
{ "pwd", I_PWD, REMOTE, NOARGS },
{ "quit", I_QUIT, NOARGS, NOARGS },
{ "reget", I_REGET, REMOTE, LOCAL },
{ "rename", I_RENAME, REMOTE, REMOTE },
{ "reput", I_REPUT, LOCAL, REMOTE },
{ "rm", I_RM, REMOTE, NOARGS },
{ "rmdir", I_RMDIR, REMOTE, NOARGS },
{ "symlink", I_SYMLINK, REMOTE, REMOTE },
{ "version", I_VERSION, NOARGS, NOARGS },
{ "!", I_SHELL, NOARGS, NOARGS },
{ "?", I_HELP, NOARGS, NOARGS },
{ "version", I_VERSION, NOARGS, NOARGS },
{ "!", I_SHELL, NOARGS, NOARGS },
{ "?", I_HELP, NOARGS, NOARGS },
{ NULL, -1, -1, -1 }
};

2
usr.bin/ssh/sshbuf-getput-crypto.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: sshbuf-getput-crypto.c,v 1.10 2022/05/25 06:03:44 djm Exp $ */
/* $OpenBSD: sshbuf-getput-crypto.c,v 1.11 2024/02/01 02:37:33 djm Exp $ */
/*
* Copyright (c) 2011 Damien Miller
*

227
usr.sbin/bgpctl/bgpctl.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: bgpctl.c,v 1.304 2024/01/31 11:23:19 claudio Exp $ */
/* $OpenBSD: bgpctl.c,v 1.305 2024/02/01 11:37:10 claudio Exp $ */
/*
* Copyright (c) 2003 Henning Brauer <henning@openbsd.org>
@ -1411,24 +1411,19 @@ show_mrt_state(struct mrt_bgp_state *ms, void *arg)
}
static void
print_afi(u_char *p, uint8_t len)
print_afi(struct ibuf *b)
{
uint16_t afi;
uint8_t safi, aid;
if (len != 4) {
if (ibuf_get_n16(b, &afi) == -1 || /* afi, 2 byte */
ibuf_skip(b, 1) == -1 || /* reserved, 1 byte */
ibuf_get_n8(b, &safi) == -1 || /* safi, 1 byte */
ibuf_size(b) != 0) {
printf("bad length");
return;
}
/* afi, 2 byte */
memcpy(&afi, p, sizeof(afi));
afi = ntohs(afi);
p += 2;
/* reserved, 1 byte */
p += 1;
/* safi, 1 byte */
memcpy(&safi, p, sizeof(safi));
if (afi2aid(afi, safi, &aid) == -1)
printf("unknown afi %u safi %u", afi, safi);
else
@ -1436,12 +1431,14 @@ print_afi(u_char *p, uint8_t len)
}
static void
print_capability(uint8_t capa_code, u_char *p, uint8_t len)
print_capability(uint8_t capa_code, struct ibuf *b)
{
uint32_t as;
switch (capa_code) {
case CAPA_MP:
printf("multiprotocol capability: ");
print_afi(p, len);
print_afi(b);
break;
case CAPA_REFRESH:
printf("route refresh capability");
@ -1452,13 +1449,11 @@ print_capability(uint8_t capa_code, u_char *p, uint8_t len)
break;
case CAPA_AS4BYTE:
printf("4-byte AS num capability: ");
if (len == 4) {
uint32_t as;
memcpy(&as, p, sizeof(as));
as = ntohl(as);
printf("AS %u", as);
} else
if (ibuf_get_n32(b, &as) == -1 ||
ibuf_size(b) != 0)
printf("bad length");
else
printf("AS %u", as);
break;
case CAPA_ADD_PATH:
printf("add-path capability");
@ -1468,7 +1463,8 @@ print_capability(uint8_t capa_code, u_char *p, uint8_t len)
printf("enhanced route refresh capability");
break;
default:
printf("unknown capability %u length %u", capa_code, len);
printf("unknown capability %u length %zu",
capa_code, ibuf_size(b));
break;
}
}
@ -1531,88 +1527,63 @@ print_notification(uint8_t errcode, uint8_t subcode)
}
static int
show_mrt_capabilities(u_char *p, uint16_t len)
show_mrt_capabilities(struct ibuf *b)
{
uint16_t totlen = len;
uint8_t capa_code, capa_len;
struct ibuf cbuf;
while (len > 2) {
memcpy(&capa_code, p, sizeof(capa_code));
p += sizeof(capa_code);
len -= sizeof(capa_code);
memcpy(&capa_len, p, sizeof(capa_len));
p += sizeof(capa_len);
len -= sizeof(capa_len);
if (len < capa_len) {
printf("capa_len %u exceeds remaining length",
capa_len);
while (ibuf_size(b) > 0) {
if (ibuf_get_n8(b, &capa_code) == -1 ||
ibuf_get_n8(b, &capa_len) == -1 ||
ibuf_get_ibuf(b, capa_len, &cbuf) == -1) {
printf("truncated capabilities");
return (-1);
}
printf("\n ");
print_capability(capa_code, p, capa_len);
p += capa_len;
len -= capa_len;
print_capability(capa_code, &cbuf);
}
if (len != 0) {
printf("length mismatch while capability parsing");
return (-1);
}
return (totlen);
return (0);
}
static void
show_mrt_open(u_char *p, uint16_t len)
show_mrt_open(struct ibuf *b)
{
uint16_t short_as, holdtime;
uint8_t version, optparamlen;
struct in_addr bgpid;
/* length check up to optparamlen already happened */
memcpy(&version, p, sizeof(version));
p += sizeof(version);
len -= sizeof(version);
memcpy(&short_as, p, sizeof(short_as));
p += sizeof(short_as);
len -= sizeof(short_as);
short_as = ntohs(short_as);
memcpy(&holdtime, p, sizeof(holdtime));
holdtime = ntohs(holdtime);
p += sizeof(holdtime);
len -= sizeof(holdtime);
memcpy(&bgpid, p, sizeof(bgpid));
p += sizeof(bgpid);
len -= sizeof(bgpid);
memcpy(&optparamlen, p, sizeof(optparamlen));
p += sizeof(optparamlen);
len -= sizeof(optparamlen);
if (ibuf_get_n8(b, &version) == -1 ||
ibuf_get_n16(b, &short_as) == -1 ||
ibuf_get_n16(b, &holdtime) == -1 ||
ibuf_get(b, &bgpid, sizeof(bgpid)) == -1 ||
ibuf_get_n8(b, &optparamlen) == -1) {
trunc:
printf("truncated message");
return;
}
printf("\n ");
printf("Version: %d AS: %u Holdtime: %u BGP Id: %s Paramlen: %u",
version, short_as, holdtime, inet_ntoa(bgpid), optparamlen);
if (optparamlen != len) {
if (optparamlen != ibuf_size(b)) {
/* XXX missing support for RFC9072 */
printf("optional parameter length mismatch");
return;
}
while (len > 2) {
while (ibuf_size(b) > 0) {
uint8_t op_type, op_len;
int r;
memcpy(&op_type, p, sizeof(op_type));
p += sizeof(op_type);
len -= sizeof(op_type);
memcpy(&op_len, p, sizeof(op_len));
p += sizeof(op_len);
len -= sizeof(op_len);
if (ibuf_get_n8(b, &op_type) == -1 ||
ibuf_get_n8(b, &op_len) == -1)
goto trunc;
printf("\n ");
switch (op_type) {
case OPT_PARAM_CAPABILITIES:
printf("Capabilities: size %u", op_len);
r = show_mrt_capabilities(p, op_len);
if (r == -1)
printf("Capabilities: %u bytes", op_len);
if (show_mrt_capabilities(b) == -1)
return;
p += r;
len -= r;
break;
case OPT_PARAM_AUTH:
default:
@ -1621,89 +1592,71 @@ show_mrt_open(u_char *p, uint16_t len)
return;
}
}
if (len != 0) {
printf("optional parameter encoding error");
return;
}
}
static void
show_mrt_notification(u_char *p, uint16_t len)
show_mrt_notification(struct ibuf *b)
{
uint16_t i;
uint8_t errcode, subcode;
size_t reason_len;
char reason[REASON_LEN];
uint8_t errcode, subcode, reason_len, c;
size_t i, len;
memcpy(&errcode, p, sizeof(errcode));
p += sizeof(errcode);
len -= sizeof(errcode);
memcpy(&subcode, p, sizeof(subcode));
p += sizeof(subcode);
len -= sizeof(subcode);
if (ibuf_get_n8(b, &errcode) == -1 ||
ibuf_get_n8(b, &subcode) == -1) {
trunc:
printf("truncated message");
return;
}
printf("\n ");
print_notification(errcode, subcode);
if (errcode == ERR_CEASE && (subcode == ERR_CEASE_ADMIN_DOWN ||
subcode == ERR_CEASE_ADMIN_RESET)) {
if (len > 1) {
reason_len = *p++;
len--;
if (len < reason_len) {
printf("truncated shutdown reason");
return;
}
if (reason_len > REASON_LEN - 1) {
printf("overly long shutdown reason");
return;
}
memcpy(reason, p, reason_len);
if (ibuf_size(b) > 1) {
if (ibuf_get_n8(b, &reason_len) == -1)
goto trunc;
if (ibuf_get(b, reason, reason_len) == -1)
goto trunc;
reason[reason_len] = '\0';
printf("shutdown reason: \"%s\"",
log_reason(reason));
p += reason_len;
len -= reason_len;
}
}
if (errcode == ERR_OPEN && subcode == ERR_OPEN_CAPA) {
int r;
r = show_mrt_capabilities(p, len);
if (r == -1)
if (show_mrt_capabilities(b) == -1)
return;
p += r;
len -= r;
}
if (len > 0) {
printf("\n additional data %u bytes", len);
if (ibuf_size(b) > 0) {
len = ibuf_size(b);
printf("\n additional data, %zu bytes", len);
for (i = 0; i < len; i++) {
if (i % 16 == 0)
printf("\n ");
if (i % 8 == 0)
printf(" ");
printf(" %02X", *p++);
if (ibuf_get_n8(b, &c) == -1)
goto trunc;
printf(" %02X", c);
}
}
}
/* XXX this function does not handle JSON output */
static void
show_mrt_update(u_char *p, uint16_t len, int reqflags, int addpath)
show_mrt_update(struct ibuf *b, int reqflags, int addpath)
{
struct bgpd_addr prefix;
struct ibuf *b, buf, wbuf, abuf;
struct ibuf wbuf, abuf;
uint32_t pathid;
uint16_t wlen, alen;
uint8_t prefixlen;
ibuf_from_buffer(&buf, p, len);
b = &buf;
if (ibuf_get_n16(b, &wlen) == -1 ||
ibuf_get_ibuf(b, wlen, &wbuf) == -1)
goto trunc;
if (wlen > 0) {
printf("\n Withdrawn prefixes:");
while (ibuf_size(&wbuf) > 0) {
@ -1780,35 +1733,34 @@ show_mrt_msg(struct mrt_bgp_msg *mm, void *arg)
static const uint8_t marker[MSGSIZE_HEADER_MARKER] = {
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
u_char *p;
uint8_t m[MSGSIZE_HEADER_MARKER];
struct ibuf *b;
uint16_t len;
uint8_t type;
struct ctl_show_rib_request *req = arg;
printf("%s %s[%u] -> ", fmt_time(&mm->time),
log_addr(&mm->src), mm->src_as);
printf("%s[%u]: size %u%s ", log_addr(&mm->dst), mm->dst_as,
mm->msg_len, mm->add_path ? " addpath" : "");
p = mm->msg;
len = mm->msg_len;
printf("%s[%u]: size %zu%s ", log_addr(&mm->dst), mm->dst_as,
ibuf_size(&mm->msg), mm->add_path ? " addpath" : "");
b = &mm->msg;
if (len < MSGSIZE_HEADER) {
printf("illegal header length: %u byte\n", len);
if (ibuf_get(b, m, sizeof(m)) == -1) {
printf("bad message: short header\n");
return;
}
/* parse BGP message header */
if (memcmp(p, marker, sizeof(marker))) {
if (memcmp(m, marker, sizeof(marker))) {
printf("incorrect marker in BGP message\n");
return;
}
p += MSGSIZE_HEADER_MARKER;
memcpy(&len, p, 2);
len = ntohs(len);
p += 2;
memcpy(&type, p, 1);
p += 1;
if (ibuf_get_n16(b, &len) == -1 ||
ibuf_get_n8(b, &type) == -1) {
printf("bad message: short header\n");
return;
}
if (len < MSGSIZE_HEADER || len > MAX_PKTSIZE) {
printf("illegal header length: %u byte\n", len);
@ -1819,32 +1771,31 @@ show_mrt_msg(struct mrt_bgp_msg *mm, void *arg)
case OPEN:
printf("%s ", msgtypenames[type]);
if (len < MSGSIZE_OPEN_MIN) {
printf("illegal length: %u byte\n", len);
printf("bad length: %u bytes\n", len);
return;
}
show_mrt_open(p, len - MSGSIZE_HEADER);
show_mrt_open(b);
break;
case NOTIFICATION:
printf("%s ", msgtypenames[type]);
if (len < MSGSIZE_NOTIFICATION_MIN) {
printf("illegal length: %u byte\n", len);
printf("bad length: %u bytes\n", len);
return;
}
show_mrt_notification(p, len - MSGSIZE_HEADER);
show_mrt_notification(b);
break;
case UPDATE:
printf("%s ", msgtypenames[type]);
if (len < MSGSIZE_UPDATE_MIN) {
printf("illegal length: %u byte\n", len);
printf("bad length: %u bytes\n", len);
return;
}
show_mrt_update(p, len - MSGSIZE_HEADER, req->flags,
mm->add_path);
show_mrt_update(b, req->flags, mm->add_path);
break;
case KEEPALIVE:
printf("%s ", msgtypenames[type]);
if (len != MSGSIZE_KEEPALIVE) {
printf("illegal length: %u byte\n", len);
printf("bad length: %u bytes\n", len);
return;
}
/* nothing */
@ -1852,10 +1803,10 @@ show_mrt_msg(struct mrt_bgp_msg *mm, void *arg)
case RREFRESH:
printf("%s ", msgtypenames[type]);
if (len != MSGSIZE_RREFRESH) {
printf("illegal length: %u byte\n", len);
printf("bad length: %u bytes\n", len);
return;
}
print_afi(p, len);
print_afi(b);
break;
default:
printf("unknown type %u\n", type);

894
usr.sbin/bgpctl/mrtparser.c
View File

File diff suppressed because it is too large Load Diff

5
usr.sbin/bgpctl/mrtparser.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: mrtparser.h,v 1.6 2024/01/23 15:56:48 claudio Exp $ */
/* $OpenBSD: mrtparser.h,v 1.7 2024/02/01 11:37:10 claudio Exp $ */
/*
* Copyright (c) 2011 Claudio Jeker <claudio@openbsd.org>
*
@ -76,9 +76,8 @@ struct mrt_bgp_msg {
struct bgpd_addr dst;
uint32_t src_as;
uint32_t dst_as;
uint16_t msg_len;
uint8_t add_path;
void *msg;
struct ibuf msg;
};
#define MRT_ATTR_ORIGIN 1

7
usr.sbin/pcidump/pcidump.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: pcidump.c,v 1.69 2023/04/16 17:26:14 kettenis Exp $ */
/* $OpenBSD: pcidump.c,v 1.70 2024/02/01 18:26:45 kettenis Exp $ */
/*
* Copyright (c) 2006, 2007 David Gwynne <loki@animata.net>
@ -606,7 +606,10 @@ dump_msi(int bus, int dev, int func, u_int8_t ptr)
if (pci_read(bus, dev, func, ptr, &reg) != 0)
return;
printf("\t\tEnabled: %s\n", reg & PCI_MSI_MC_MSIE ? "yes" : "no");
printf("\t\tEnabled: %s; %d vectors (%d enabled)\n",
reg & PCI_MSI_MC_MSIE ? "yes" : "no",
(1 << ((reg & PCI_MSI_MC_MMC_MASK) >> PCI_MSI_MC_MMC_SHIFT)),
(1 << ((reg & PCI_MSI_MC_MME_MASK) >> PCI_MSI_MC_MME_SHIFT)));
}
void

11
usr.sbin/rpki-client/cert.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: cert.c,v 1.122 2024/01/11 11:55:14 job Exp $ */
/* $OpenBSD: cert.c,v 1.123 2024/02/01 15:11:38 tb Exp $ */
/*
* Copyright (c) 2022 Theo Buehler <tb@openbsd.org>
* Copyright (c) 2021 Job Snijders <job@openbsd.org>
@ -647,7 +647,7 @@ certificate_policies(struct parse *p, X509_EXTENSION *ext)
if ((nid = OBJ_obj2nid(qualifier->pqualid)) != NID_id_qt_cps) {
warnx("%s: RFC 7318 section 2: certificatePolicies: "
"want CPS, got %d (%s)", p->fn, nid, OBJ_nid2sn(nid));
"want CPS, got %s", p->fn, nid2str(nid));
goto out;
}
@ -794,8 +794,7 @@ cert_parse_pre(const char *fn, const unsigned char *der, size_t len)
warnx("%s: P-256 support is experimental", fn);
} else if (nid != NID_sha256WithRSAEncryption) {
warnx("%s: RFC 7935: wrong signature algorithm %s, want %s",
fn, OBJ_nid2ln(nid),
OBJ_nid2ln(NID_sha256WithRSAEncryption));
fn, nid2str(nid), LN_sha256WithRSAEncryption);
goto out;
}
@ -970,8 +969,8 @@ cert_parse_pre(const char *fn, const unsigned char *der, size_t len)
return p.res;
dup:
warnx("%s: RFC 5280 section 4.2: duplicate %s extension", fn,
OBJ_nid2sn(nid));
warnx("%s: RFC 5280 section 4.2: duplicate extension: %s", fn,
nid2str(nid));
out:
cert_free(p.res);
X509_free(x);

6
usr.sbin/rpki-client/cms.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: cms.c,v 1.41 2023/12/10 14:18:23 job Exp $ */
/* $OpenBSD: cms.c,v 1.42 2024/02/01 15:11:38 tb Exp $ */
/*
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
*
@ -259,7 +259,7 @@ cms_parse_validate_internal(X509 **xp, const char *fn, const unsigned char *der,
nid = OBJ_obj2nid(obj);
if (nid != NID_sha256) {
warnx("%s: RFC 6488: wrong digest %s, want %s", fn,
OBJ_nid2ln(nid), OBJ_nid2ln(NID_sha256));
nid2str(nid), LN_sha256);
goto out;
}
X509_ALGOR_get0(&obj, NULL, NULL, psig);
@ -271,7 +271,7 @@ cms_parse_validate_internal(X509 **xp, const char *fn, const unsigned char *der,
} else if (nid != NID_rsaEncryption &&
nid != NID_sha256WithRSAEncryption) {
warnx("%s: RFC 6488: wrong signature algorithm %s, want %s",
fn, OBJ_nid2ln(nid), OBJ_nid2ln(NID_rsaEncryption));
fn, nid2str(nid), LN_rsaEncryption);
goto out;
}

5
usr.sbin/rpki-client/crl.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: crl.c,v 1.31 2024/01/18 14:34:26 job Exp $ */
/* $OpenBSD: crl.c,v 1.32 2024/02/01 15:11:38 tb Exp $ */
/*
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
*
@ -68,8 +68,7 @@ crl_parse(const char *fn, const unsigned char *der, size_t len)
warnx("%s: P-256 support is experimental", fn);
} else if (nid != NID_sha256WithRSAEncryption) {
warnx("%s: RFC 7935: wrong signature algorithm %s, want %s",
fn, OBJ_nid2ln(nid),
OBJ_nid2ln(NID_sha256WithRSAEncryption));
fn, nid2str(nid), LN_sha256WithRSAEncryption);
goto out;
}

3
usr.sbin/rpki-client/extern.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: extern.h,v 1.201 2024/01/31 06:57:21 tb Exp $ */
/* $OpenBSD: extern.h,v 1.202 2024/02/01 15:11:38 tb Exp $ */
/*
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
*
@ -861,6 +861,7 @@ int x509_valid_subject(const char *, const X509 *);
time_t x509_find_expires(time_t, struct auth *, struct crl_tree *);
/* printers */
char *nid2str(int);
char *time2str(time_t);
void x509_print(const X509 *);
void tal_print(const struct tal *);

4
usr.sbin/rpki-client/parser.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: parser.c,v 1.113 2024/01/31 06:57:21 tb Exp $ */
/* $OpenBSD: parser.c,v 1.114 2024/02/01 09:50:15 tb Exp $ */
/*
* Copyright (c) 2019 Claudio Jeker <claudio@openbsd.org>
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
@ -327,7 +327,7 @@ proc_parser_mft_pre(struct entity *entp, enum location loc, char **file,
goto err;
}
if (issued_cmp > 0 && seqnum_cmp == 0) {
warnx("%s#%s: reissued manifest at %lld and %lld with same "
warnx("%s#%s: manifest issued at %lld and %lld with same "
"sequence number", *file, cached_mft->seqnum,
(long long)mft->thisupdate,
(long long)cached_mft->thisupdate);

18
usr.sbin/rpki-client/print.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: print.c,v 1.45 2024/01/18 14:34:26 job Exp $ */
/* $OpenBSD: print.c,v 1.46 2024/02/01 15:11:38 tb Exp $ */
/*
* Copyright (c) 2021 Claudio Jeker <claudio@openbsd.org>
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
@ -49,6 +49,22 @@ pretty_key_id(const char *hex)
return buf;
}
char *
nid2str(int nid)
{
static char buf[128];
const char *name;
if ((name = OBJ_nid2ln(nid)) == NULL)
name = OBJ_nid2sn(nid);
if (name == NULL)
name = "unknown";
snprintf(buf, sizeof(buf), "nid %d (%s)", nid, name);
return buf;
}
char *
time2str(time_t t)
{

4
usr.sbin/rpki-client/validate.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: validate.c,v 1.70 2024/01/07 09:48:03 tb Exp $ */
/* $OpenBSD: validate.c,v 1.71 2024/02/01 15:11:38 tb Exp $ */
/*
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
*
@ -665,7 +665,7 @@ valid_ca_pkey_ec(const char *fn, EVP_PKEY *pkey)
nid = EC_GROUP_get_curve_name(group);
if (nid != NID_X9_62_prime256v1) {
if ((cname = EC_curve_nid2nist(nid)) == NULL)
cname = OBJ_nid2sn(nid);
cname = nid2str(nid);
warnx("%s: Expected P-256, got %s", fn, cname);
return 0;
}

8
usr.sbin/rpki-client/x509.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: x509.c,v 1.76 2024/01/31 15:01:13 job Exp $ */
/* $OpenBSD: x509.c,v 1.77 2024/02/01 15:11:38 tb Exp $ */
/*
* Copyright (c) 2022 Theo Buehler <tb@openbsd.org>
* Copyright (c) 2021 Claudio Jeker <claudio@openbsd.org>
@ -362,7 +362,7 @@ x509_get_pubkey(X509 *x, const char *fn)
nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(eckey));
if (nid != NID_X9_62_prime256v1) {
if ((cname = EC_curve_nid2nist(nid)) == NULL)
cname = OBJ_nid2sn(nid);
cname = nid2str(nid);
warnx("%s: Expected P-256, got %s", fn, cname);
goto out;
}
@ -955,8 +955,8 @@ x509_valid_subject(const char *fn, const X509 *x)
warnx("%s: OBJ_obj2nid failed", fn);
return 0;
default:
warnx("%s: RFC 6487 section 4.5: unexpected attribute "
"%d (%s)", fn, nid, OBJ_nid2ln(nid));
warnx("%s: RFC 6487 section 4.5: unexpected attribute"
" %s", fn, nid2str(nid));
return 0;
}
}