SecBSD
/
src
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

sync with OpenBSD -current

This commit is contained in:
purplerain 2023-12-28 02:58:44 +00:00
parent ddb52a44ab
commit 11b1e48835
Signed by: purplerain
GPG Key ID: F42C07F07E2E35B7
37 changed files with 817 additions and 681 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

68
bin/pax/tar.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: tar.c,v 1.77 2023/12/22 20:32:29 jca Exp $ */
/* $OpenBSD: tar.c,v 1.78 2023/12/27 08:29:41 jca Exp $ */
/* $NetBSD: tar.c,v 1.5 1995/03/21 09:07:49 cgd Exp $ */
/*-
@ -978,6 +978,39 @@ xheader_add_ull(struct xheader *xhdr, const char *keyword,
return 0;
}
static int
xheader_add_ts(struct xheader *xhdr, const char *keyword,
const struct timespec *value)
{
struct xheader_record *rec;
int reclen, tmplen;
char *s;
tmplen = MINXHDRSZ;
do {
reclen = tmplen;
tmplen = snprintf(NULL, 0, "%d %s=%lld.%09ld\n", reclen,
keyword, (long long)value->tv_sec, (long)value->tv_nsec);
} while (tmplen >= 0 && tmplen != reclen);
if (tmplen < 0)
return -1;
rec = calloc(1, sizeof(*rec));
if (rec == NULL)
return -1;
rec->reclen = reclen;
if (asprintf(&s, "%d %s=%lld.%09ld\n", reclen, keyword,
(long long)value->tv_sec, (long)value->tv_nsec) < 0) {
free(rec);
return -1;
}
rec->record = s;
SLIST_INSERT_HEAD(xhdr, rec, entry);
return 0;
}
static void
xheader_free(struct xheader *xhdr)
{
@ -1060,6 +1093,7 @@ wr_ustar_or_pax(ARCHD *arcn, int ustar)
#ifndef SMALL
struct xheader xhdr = SLIST_HEAD_INITIALIZER(xhdr);
#endif
int bad_mtime;
/*
* check for those file system types ustar cannot store
@ -1249,9 +1283,35 @@ wr_ustar_or_pax(ARCHD *arcn, int ustar)
if (ul_oct(gid_nobody, hd->gid, sizeof(hd->gid), 3))
goto out;
}
if (ull_oct(arcn->sb.st_mtime < 0 ? 0 : arcn->sb.st_mtime, hd->mtime,
sizeof(hd->mtime), 3) ||
ul_oct(arcn->sb.st_mode, hd->mode, sizeof(hd->mode), 3))
bad_mtime = ull_oct(arcn->sb.st_mtime < 0 ? 0 : arcn->sb.st_mtime,
hd->mtime, sizeof(hd->mtime), 3);
if (bad_mtime && ustar)
goto out;
#ifndef SMALL
if (!ustar) {
/*
* The pax format can preserve atime and store
* a possibly more accurate mtime.
*
* ctime isn't specified by POSIX so omit it.
*/
if (xheader_add_ts(&xhdr, "atime", &arcn->sb.st_atim) == -1) {
paxwarn(1, "Couldn't preserve %s in pax format for %s",
"atime", arcn->org_name);
xheader_free(&xhdr);
return (1);
}
if ((bad_mtime || arcn->sb.st_mtime < 0 ||
arcn->sb.st_mtim.tv_nsec != 0) &&
xheader_add_ts(&xhdr, "mtime", &arcn->sb.st_mtim) == -1) {
paxwarn(1, "Couldn't preserve %s in pax format for %s",
"mtime", arcn->org_name);
xheader_free(&xhdr);
return (1);
}
}
#endif
if (ul_oct(arcn->sb.st_mode, hd->mode, sizeof(hd->mode), 3))
goto out;
if (!Nflag) {
if ((name = user_from_uid(arcn->sb.st_uid, 1)) != NULL)

67
etc/rpki/apnic.constraints
View File

@ -1,4 +1,4 @@
# $OpenBSD: apnic.constraints,v 1.3 2023/12/19 08:10:19 job Exp $
# $OpenBSD: apnic.constraints,v 1.4 2023/12/26 13:36:18 job Exp $
# From https://www.iana.org/assignments/ipv6-unicast-address-assignments
allow 2001:200::/23
@ -21,36 +21,43 @@ deny 105.0.0.0/8
deny 154.0.0.0/16
deny 154.16.0.0/16
deny 154.65.0.0 - 154.255.255.255
deny 196.0.0.0/16
deny 196.1.0.0/24
# hole for 196.1.1.0/24
deny 196.1.2.0 - 196.1.67.255
# hole for 196.1.68.0/24
deny 196.1.69.0 - 196.1.103.255
# hole for 196.1.104.0 - 196.1.106.255
deny 196.1.107.0/24
# hole for 196.1.108.0/22
deny 196.1.112.0/24
# hole for 196.1.113.0 - 196.1.114.255
deny 196.0.0.0 - 196.1.0.255
deny 196.1.4.0/24
deny 196.1.7.0 - 196.1.63.255
deny 196.1.71.0/24
deny 196.1.74.0 - 196.1.103.255
deny 196.1.115.0 - 196.1.133.255
# hole for 196.1.134.0/24
deny 196.1.135.0 - 196.3.64.255
# hole for 196.3.65.0/24
deny 196.3.66.0 - 196.3.71.255
# hole for 196.3.72.0/24
deny 196.3.73.0 - 196.12.31.255
# hole for 196.12.32.0/19
deny 196.12.64.0 - 196.15.15.255
# hole for 196.15.16.0/20
deny 196.15.32.0 - 196.29.63.255
# hole for 196.29.64.0/19
deny 196.29.96.0 - 196.32.31.255
# hole for 196.32.32.0/19
# hole for 196.32.64.0/19
deny 196.32.96.0 - 196.39.255.255
# hole for 196.40.0.0 - 196.40.95.255
deny 196.40.96.0 - 197.255.255.254
deny 196.1.137.0/24
deny 196.1.143.0 - 196.1.159.255
deny 196.1.176.0 - 196.1.255.255
deny 196.2.2.0/23
deny 196.2.8.0 - 196.2.255.255
deny 196.3.14.0/23
deny 196.3.57.0 - 196.3.64.255
deny 196.3.90.0/24
deny 196.3.92.0 - 196.3.94.255
deny 196.3.96.0/21
deny 196.3.105.0/24
deny 196.3.107.0 - 196.3.131.255
deny 196.3.148.0/22
deny 196.3.154.0 - 196.3.183.255
deny 196.3.224.0 - 196.4.45.255
deny 196.4.71.0 - 196.11.171.255
deny 196.11.174.0 - 196.11.239.255
deny 196.11.248.0/21
deny 196.12.10.0 - 196.12.31.255
deny 196.12.128.0/19
deny 196.12.192.0 - 196.15.15.255
deny 196.15.64.0 - 196.26.255.255
deny 196.27.64.0 - 196.28.47.255
deny 196.28.64.0 - 196.29.63.255
deny 196.29.96.0 - 196.31.255.255
deny 196.32.8.0 - 196.32.31.255
deny 196.32.96.0/19
deny 196.32.160.0 - 196.39.255.255
deny 196.40.96.0 - 196.41.255.255
deny 196.42.64.0 - 196.216.0.255
deny 196.216.2.0 - 197.255.255.255
# From https://www.iana.org/assignments/as-numbers/
deny 36864 - 37887
deny 327680 - 328703

67
etc/rpki/arin.constraints
View File

@ -1,4 +1,4 @@
# $OpenBSD: arin.constraints,v 1.2 2023/12/19 08:10:19 job Exp $
# $OpenBSD: arin.constraints,v 1.3 2023/12/26 13:36:18 job Exp $
# From https://www.iana.org/assignments/ipv6-unicast-address-assignments
allow 2001:400::/23
@ -17,36 +17,43 @@ deny 105.0.0.0/8
deny 154.0.0.0/16
deny 154.16.0.0/16
deny 154.65.0.0 - 154.255.255.255
deny 196.0.0.0/16
deny 196.1.0.0/24
# hole for 196.1.1.0/24
deny 196.1.2.0 - 196.1.67.255
# hole for 196.1.68.0/24
deny 196.1.69.0 - 196.1.103.255
# hole for 196.1.104.0 - 196.1.106.255
deny 196.1.107.0/24
# hole for 196.1.108.0/22
deny 196.1.112.0/24
# hole for 196.1.113.0 - 196.1.114.255
deny 196.0.0.0 - 196.1.0.255
deny 196.1.4.0/24
deny 196.1.7.0 - 196.1.63.255
deny 196.1.71.0/24
deny 196.1.74.0 - 196.1.103.255
deny 196.1.115.0 - 196.1.133.255
# hole for 196.1.134.0/24
deny 196.1.135.0 - 196.3.64.255
# hole for 196.3.65.0/24
deny 196.3.66.0 - 196.3.71.255
# hole for 196.3.72.0/24
deny 196.3.73.0 - 196.12.31.255
# hole for 196.12.32.0/19
deny 196.12.64.0 - 196.15.15.255
# hole for 196.15.16.0/20
deny 196.15.32.0 - 196.29.63.255
# hole for 196.29.64.0/19
deny 196.29.96.0 - 196.32.31.255
# hole for 196.32.32.0/19
# hole for 196.32.64.0/19
deny 196.32.96.0 - 196.39.255.255
# hole for 196.40.0.0 - 196.40.95.255
deny 196.40.96.0 - 197.255.255.254
deny 196.1.137.0/24
deny 196.1.143.0 - 196.1.159.255
deny 196.1.176.0 - 196.1.255.255
deny 196.2.2.0/23
deny 196.2.8.0 - 196.2.255.255
deny 196.3.14.0/23
deny 196.3.57.0 - 196.3.64.255
deny 196.3.90.0/24
deny 196.3.92.0 - 196.3.94.255
deny 196.3.96.0/21
deny 196.3.105.0/24
deny 196.3.107.0 - 196.3.131.255
deny 196.3.148.0/22
deny 196.3.154.0 - 196.3.183.255
deny 196.3.224.0 - 196.4.45.255
deny 196.4.71.0 - 196.11.171.255
deny 196.11.174.0 - 196.11.239.255
deny 196.11.248.0/21
deny 196.12.10.0 - 196.12.31.255
deny 196.12.128.0/19
deny 196.12.192.0 - 196.15.15.255
deny 196.15.64.0 - 196.26.255.255
deny 196.27.64.0 - 196.28.47.255
deny 196.28.64.0 - 196.29.63.255
deny 196.29.96.0 - 196.31.255.255
deny 196.32.8.0 - 196.32.31.255
deny 196.32.96.0/19
deny 196.32.160.0 - 196.39.255.255
deny 196.40.96.0 - 196.41.255.255
deny 196.42.64.0 - 196.216.0.255
deny 196.216.2.0 - 197.255.255.255
# From https://www.iana.org/assignments/as-numbers/
deny 36864 - 37887
deny 327680 - 328703

67
etc/rpki/lacnic.constraints
View File

@ -1,4 +1,4 @@
# $OpenBSD: lacnic.constraints,v 1.2 2023/12/19 08:10:19 job Exp $
# $OpenBSD: lacnic.constraints,v 1.3 2023/12/26 13:36:18 job Exp $
# From https://www.iana.org/assignments/ipv6-unicast-address-assignments
allow 2001:1200::/23
@ -12,36 +12,43 @@ deny 105.0.0.0/8
deny 154.0.0.0/16
deny 154.16.0.0/16
deny 154.65.0.0 - 154.255.255.255
deny 196.0.0.0/16
deny 196.1.0.0/24
# hole for 196.1.1.0/24
deny 196.1.2.0 - 196.1.67.255
# hole for 196.1.68.0/24
deny 196.1.69.0 - 196.1.103.255
# hole for 196.1.104.0 - 196.1.106.255
deny 196.1.107.0/24
# hole for 196.1.108.0/22
deny 196.1.112.0/24
# hole for 196.1.113.0 - 196.1.114.255
deny 196.0.0.0 - 196.1.0.255
deny 196.1.4.0/24
deny 196.1.7.0 - 196.1.63.255
deny 196.1.71.0/24
deny 196.1.74.0 - 196.1.103.255
deny 196.1.115.0 - 196.1.133.255
# hole for 196.1.134.0/24
deny 196.1.135.0 - 196.3.64.255
# hole for 196.3.65.0/24
deny 196.3.66.0 - 196.3.71.255
# hole for 196.3.72.0/24
deny 196.3.73.0 - 196.12.31.255
# hole for 196.12.32.0/19
deny 196.12.64.0 - 196.15.15.255
# hole for 196.15.16.0/20
deny 196.15.32.0 - 196.29.63.255
# hole for 196.29.64.0/19
deny 196.29.96.0 - 196.32.31.255
# hole for 196.32.32.0/19
# hole for 196.32.64.0/19
deny 196.32.96.0 - 196.39.255.255
# hole for 196.40.0.0 - 196.40.95.255
deny 196.40.96.0 - 197.255.255.254
deny 196.1.137.0/24
deny 196.1.143.0 - 196.1.159.255
deny 196.1.176.0 - 196.1.255.255
deny 196.2.2.0/23
deny 196.2.8.0 - 196.2.255.255
deny 196.3.14.0/23
deny 196.3.57.0 - 196.3.64.255
deny 196.3.90.0/24
deny 196.3.92.0 - 196.3.94.255
deny 196.3.96.0/21
deny 196.3.105.0/24
deny 196.3.107.0 - 196.3.131.255
deny 196.3.148.0/22
deny 196.3.154.0 - 196.3.183.255
deny 196.3.224.0 - 196.4.45.255
deny 196.4.71.0 - 196.11.171.255
deny 196.11.174.0 - 196.11.239.255
deny 196.11.248.0/21
deny 196.12.10.0 - 196.12.31.255
deny 196.12.128.0/19
deny 196.12.192.0 - 196.15.15.255
deny 196.15.64.0 - 196.26.255.255
deny 196.27.64.0 - 196.28.47.255
deny 196.28.64.0 - 196.29.63.255
deny 196.29.96.0 - 196.31.255.255
deny 196.32.8.0 - 196.32.31.255
deny 196.32.96.0/19
deny 196.32.160.0 - 196.39.255.255
deny 196.40.96.0 - 196.41.255.255
deny 196.42.64.0 - 196.216.0.255
deny 196.216.2.0 - 197.255.255.255
# From https://www.iana.org/assignments/as-numbers/
deny 36864 - 37887
deny 327680 - 328703

67
etc/rpki/ripe.constraints
View File

@ -1,4 +1,4 @@
# $OpenBSD: ripe.constraints,v 1.2 2023/12/19 08:10:19 job Exp $
# $OpenBSD: ripe.constraints,v 1.3 2023/12/26 13:36:18 job Exp $
# From https://www.iana.org/assignments/ipv6-unicast-address-assignments
allow 2001:600::/23
@ -24,36 +24,43 @@ deny 105.0.0.0/8
deny 154.0.0.0/16
deny 154.16.0.0/16
deny 154.65.0.0 - 154.255.255.255
deny 196.0.0.0/16
deny 196.1.0.0/24
# hole for 196.1.1.0/24
deny 196.1.2.0 - 196.1.67.255
# hole for 196.1.68.0/24
deny 196.1.69.0 - 196.1.103.255
# hole for 196.1.104.0 - 196.1.106.255
deny 196.1.107.0/24
# hole for 196.1.108.0/22
deny 196.1.112.0/24
# hole for 196.1.113.0 - 196.1.114.255
deny 196.0.0.0 - 196.1.0.255
deny 196.1.4.0/24
deny 196.1.7.0 - 196.1.63.255
deny 196.1.71.0/24
deny 196.1.74.0 - 196.1.103.255
deny 196.1.115.0 - 196.1.133.255
# hole for 196.1.134.0/24
deny 196.1.135.0 - 196.3.64.255
# hole for 196.3.65.0/24
deny 196.3.66.0 - 196.3.71.255
# hole for 196.3.72.0/24
deny 196.3.73.0 - 196.12.31.255
# hole for 196.12.32.0/19
deny 196.12.64.0 - 196.15.15.255
# hole for 196.15.16.0/20
deny 196.15.32.0 - 196.29.63.255
# hole for 196.29.64.0/19
deny 196.29.96.0 - 196.32.31.255
# hole for 196.32.32.0/19
# hole for 196.32.64.0/19
deny 196.32.96.0 - 196.39.255.255
# hole for 196.40.0.0 - 196.40.95.255
deny 196.40.96.0 - 197.255.255.254
deny 196.1.137.0/24
deny 196.1.143.0 - 196.1.159.255
deny 196.1.176.0 - 196.1.255.255
deny 196.2.2.0/23
deny 196.2.8.0 - 196.2.255.255
deny 196.3.14.0/23
deny 196.3.57.0 - 196.3.64.255
deny 196.3.90.0/24
deny 196.3.92.0 - 196.3.94.255
deny 196.3.96.0/21
deny 196.3.105.0/24
deny 196.3.107.0 - 196.3.131.255
deny 196.3.148.0/22
deny 196.3.154.0 - 196.3.183.255
deny 196.3.224.0 - 196.4.45.255
deny 196.4.71.0 - 196.11.171.255
deny 196.11.174.0 - 196.11.239.255
deny 196.11.248.0/21
deny 196.12.10.0 - 196.12.31.255
deny 196.12.128.0/19
deny 196.12.192.0 - 196.15.15.255
deny 196.15.64.0 - 196.26.255.255
deny 196.27.64.0 - 196.28.47.255
deny 196.28.64.0 - 196.29.63.255
deny 196.29.96.0 - 196.31.255.255
deny 196.32.8.0 - 196.32.31.255
deny 196.32.96.0/19
deny 196.32.160.0 - 196.39.255.255
deny 196.40.96.0 - 196.41.255.255
deny 196.42.64.0 - 196.216.0.255
deny 196.216.2.0 - 197.255.255.255
# From https://www.iana.org/assignments/as-numbers/
deny 36864 - 37887
deny 327680 - 328703

15
lib/libcrypto/evp/evp_enc.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: evp_enc.c,v 1.79 2023/12/23 13:05:06 tb Exp $ */
/* $OpenBSD: evp_enc.c,v 1.81 2023/12/26 09:04:30 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -72,8 +72,6 @@ int
EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
const unsigned char *key, const unsigned char *iv, int enc)
{
if (cipher != NULL)
EVP_CIPHER_CTX_cleanup(ctx);
return EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, enc);
}
@ -93,23 +91,18 @@ EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *engine,
}
/*
* If the ctx is reused and a cipher is passed in, reset the ctx but
* remember enc and whether key wrap was enabled.
* Set up cipher and context. Allocate cipher data and initialize ctx.
* On ctx reuse only retain encryption direction and key wrap flag.
*/
if (cipher != NULL && ctx->cipher != NULL) {
if (cipher != NULL) {
unsigned long flags = ctx->flags;
EVP_CIPHER_CTX_cleanup(ctx);
ctx->encrypt = enc;
ctx->flags = flags & EVP_CIPHER_CTX_FLAG_WRAP_ALLOW;
}
/* Set up cipher. Allocate cipher data and initialize if necessary. */
if (cipher != NULL) {
ctx->cipher = cipher;
ctx->key_len = cipher->key_len;
ctx->flags &= EVP_CIPHER_CTX_FLAG_WRAP_ALLOW;
if (ctx->cipher->ctx_size != 0) {
ctx->cipher_data = calloc(1, ctx->cipher->ctx_size);

81
lib/libcrypto/man/EVP_CIPHER_CTX_init.3
View File

@ -1,11 +1,11 @@
.\" $OpenBSD: EVP_CIPHER_CTX_init.3,v 1.1 2023/12/01 10:40:21 schwarze Exp $
.\" $OpenBSD: EVP_CIPHER_CTX_init.3,v 1.3 2023/12/26 22:13:00 schwarze Exp $
.\" full merge up to:
.\" OpenSSL EVP_EncryptInit.pod 0874d7f2 Oct 11 13:13:47 2022 +0100
.\"
.\" This file is a derived work.
.\" The changes are covered by the following Copyright and license:
.\"
.\" Copyright (c) 2018, 2019 Ingo Schwarze <schwarze@openbsd.org>
.\" Copyright (c) 2018, 2019, 2023 Ingo Schwarze <schwarze@openbsd.org>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
@ -68,7 +68,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: December 1 2023 $
.Dd $Mdocdate: December 26 2023 $
.Dt EVP_CIPHER_CTX_INIT 3
.Os
.Sh NAME
@ -91,15 +91,22 @@
.Fa "EVP_CIPHER_CTX *ctx"
.Fa "unsigned char *out"
.Fa "const unsigned char *in"
.Fa "unsigned int inl"
.Fa "unsigned int in_len"
.Fc
.Sh DESCRIPTION
.Fn EVP_CIPHER_CTX_init
is a deprecated function to clear a cipher context on the stack
before use.
Do not use it on a cipher context returned from
is a deprecated function that could be used to clear a cipher context
on the stack before
.Vt EVP_CIPHER_CTX
was made opaque.
Calling it on a cipher context just returned from
.Xr EVP_CIPHER_CTX_new 3
or one that was already used.
has no effect.
Calling it on a cipher context that was already used leaks memory.
Instead, use
.Xr EVP_CIPHER_CTX_reset 3
or
.Xr EVP_CIPHER_CTX_free 3 .
.Pp
.Fn EVP_CIPHER_CTX_cleanup
is a deprecated alias for
@ -111,13 +118,47 @@ and frees all allocated memory associated with it, except the
object itself.
.Pp
.Fn EVP_Cipher
encrypts or decrypts aligned blocks of data
exposes implementation details of the functions
.Xr EVP_CipherUpdate 3
and
.Xr EVP_CipherFinal 3
that should never have become part of the public API.
.Pp
If the flag
.Dv EVP_CIPH_FLAG_CUSTOM_CIPHER
is set for the cipher used by
.Fa ctx ,
behaviour depends on
.Fa in .
If that argument is
.Dv NULL
and
.Fa in_len
is 0, behaviour is similar to
.Xr EVP_CipherFinal 3 ;
if
.Fa in_len
is not 0, behaviour is undefined.
If
.Fa in
is not
.Dv NULL ,
behaviour is similar to
.Xr EVP_CipherUpdate 3 .
In both cases, the exceptions to the similarity are that arguments
and return values differ.
.Pp
If the flag
.Dv EVP_CIPH_FLAG_CUSTOM_CIPHER
is not set for the cipher used by
.Fa ctx ,
it encrypts or decrypts aligned blocks of data
whose lengths match the cipher block size.
It requires that the previous encryption or decryption operation
using the same
.Fa ctx ,
if there was any, ended exactly on a block boundary and that
.Fa inl
.Fa in_len
is an integer multiple of the cipher block size.
If either of these conditions is violated,
.Fn EVP_Cipher
@ -126,16 +167,24 @@ For that reason, using the function
.Xr EVP_CipherUpdate 3
instead is strongly recommended.
The latter can safely handle partial blocks, and even if
.Fa inl
.Fa in_len
actually is a multiple of the cipher block size for all calls,
the overhead incurred by using
.Xr EVP_CipherUpdate 3
is minimal.
.Sh RETURN VALUES
.Fn EVP_CIPHER_CTX_cleanup
and
returns 1 for success or 0 for failure.
.Pp
With
.Dv EVP_CIPH_FLAG_CUSTOM_CIPHER ,
.Fn EVP_Cipher
return 1 for success or 0 for failure.
returns the number of bytes written to
.Fa out
for success or \-1 for failure.
Without
.Dv EVP_CIPH_FLAG_CUSTOM_CIPHER ,
it returns 1 for success or 0 for failure.
.Sh SEE ALSO
.Xr evp 3 ,
.Xr EVP_EncryptInit 3
@ -148,3 +197,9 @@ first appeared in SSLeay 0.8.0.
first appeared in SSLeay 0.9.0.
All these functions have been available since
.Ox 2.4 .
.Sh CAVEATS
Checking the return value of
.Fn EVP_Cipher
requires unusual caution: zero signals success if
.Dv EVP_CIPH_FLAG_CUSTOM_CIPHER
is set or failure otherwise.

101
lib/libcrypto/man/EVP_EncryptInit.3
View File

@ -1,4 +1,4 @@
.\" $OpenBSD: EVP_EncryptInit.3,v 1.50 2023/12/01 13:43:37 schwarze Exp $
.\" $OpenBSD: EVP_EncryptInit.3,v 1.51 2023/12/26 22:13:00 schwarze Exp $
.\" full merge up to: OpenSSL 5211e094 Nov 11 14:39:11 2014 -0800
.\" EVP_bf_cbc.pod EVP_cast5_cbc.pod EVP_idea_cbc.pod EVP_rc2_cbc.pod
.\" 7c6d372a Nov 20 13:20:01 2018 +0000
@ -69,7 +69,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: December 1 2023 $
.Dd $Mdocdate: December 26 2023 $
.Dt EVP_ENCRYPTINIT 3
.Os
.Sh NAME
@ -150,15 +150,15 @@
.Fo EVP_EncryptUpdate
.Fa "EVP_CIPHER_CTX *ctx"
.Fa "unsigned char *out"
.Fa "int *outl"
.Fa "int *out_len"
.Fa "const unsigned char *in"
.Fa "int inl"
.Fa "int in_len"
.Fc
.Ft int
.Fo EVP_EncryptFinal_ex
.Fa "EVP_CIPHER_CTX *ctx"
.Fa "unsigned char *out"
.Fa "int *outl"
.Fa "int *out_len"
.Fc
.Ft int
.Fo EVP_DecryptInit_ex
@ -172,15 +172,15 @@
.Fo EVP_DecryptUpdate
.Fa "EVP_CIPHER_CTX *ctx"
.Fa "unsigned char *out"
.Fa "int *outl"
.Fa "int *out_len"
.Fa "const unsigned char *in"
.Fa "int inl"
.Fa "int in_len"
.Fc
.Ft int
.Fo EVP_DecryptFinal_ex
.Fa "EVP_CIPHER_CTX *ctx"
.Fa "unsigned char *outm"
.Fa "int *outl"
.Fa "unsigned char *out"
.Fa "int *out_len"
.Fc
.Ft int
.Fo EVP_CipherInit_ex
@ -195,15 +195,15 @@
.Fo EVP_CipherUpdate
.Fa "EVP_CIPHER_CTX *ctx"
.Fa "unsigned char *out"
.Fa "int *outl"
.Fa "int *out_len"
.Fa "const unsigned char *in"
.Fa "int inl"
.Fa "int in_len"
.Fc
.Ft int
.Fo EVP_CipherFinal_ex
.Fa "EVP_CIPHER_CTX *ctx"
.Fa "unsigned char *outm"
.Fa "int *outl"
.Fa "unsigned char *out"
.Fa "int *out_len"
.Fc
.Ft int
.Fo EVP_EncryptInit
@ -216,7 +216,7 @@
.Fo EVP_EncryptFinal
.Fa "EVP_CIPHER_CTX *ctx"
.Fa "unsigned char *out"
.Fa "int *outl"
.Fa "int *out_len"
.Fc
.Ft int
.Fo EVP_DecryptInit
@ -228,8 +228,8 @@
.Ft int
.Fo EVP_DecryptFinal
.Fa "EVP_CIPHER_CTX *ctx"
.Fa "unsigned char *outm"
.Fa "int *outl"
.Fa "unsigned char *out"
.Fa "int *out_len"
.Fc
.Ft int
.Fo EVP_CipherInit
@ -242,8 +242,8 @@
.Ft int
.Fo EVP_CipherFinal
.Fa "EVP_CIPHER_CTX *ctx"
.Fa "unsigned char *outm"
.Fa "int *outl"
.Fa "unsigned char *out"
.Fa "int *out_len"
.Fc
.Ft int
.Fo EVP_CIPHER_CTX_encrypting
@ -378,7 +378,7 @@ This is done when the default cipher parameters are not appropriate.
.Pp
.Fn EVP_EncryptUpdate
encrypts
.Fa inl
.Fa in_len
bytes from the buffer
.Fa in
and writes the encrypted version to
@ -387,11 +387,13 @@ This function can be called multiple times to encrypt successive blocks
of data.
The amount of data written depends on the block alignment of the
encrypted data: as a result the amount of data written may be anything
from zero bytes to (inl + cipher_block_size - 1) so
from zero bytes to
.Pq Fa in_len No + cipher_block_size - 1
so
.Fa out
should contain sufficient room.
The actual number of bytes written is placed in
.Fa outl .
.Pf * Fa out_len .
.Pp
If padding is enabled (the default) then
.Fn EVP_EncryptFinal
@ -405,7 +407,7 @@ The encrypted final data is written to
.Fa out
which should have sufficient space for one cipher block.
The number of bytes written is placed in
.Fa outl .
.Pf * Fa out_len .
After this function is called, the encryption operation is finished and
no further calls to
.Fn EVP_EncryptUpdate
@ -436,9 +438,10 @@ operations except that if padding is enabled the decrypted data buffer
.Fa out
passed to
.Fn EVP_DecryptUpdate
should have sufficient room for (inl + cipher_block_size) bytes
unless the cipher block size is 1 in which case
.Fa inl
should have sufficient room for
.Pq Fa in_len No + cipher_block_size
bytes unless the cipher block size is 1 in which case
.Fa in_len
bytes is sufficient.
.Pp
.Fn EVP_CipherInit ,
@ -703,7 +706,7 @@ parameters
set to
.Dv NULL
and the length passed in the
.Fa inl
.Fa in_len
parameter.
.Pp
The following ctrls are supported in CCM mode:
@ -729,25 +732,25 @@ The nonce length is given by 15 - L so it is 7 by default for AES.
Encrypt a string using blowfish:
.Bd -literal -offset 3n
int
do_crypt(char *outfile)
do_crypt(char *out_filename)
{
unsigned char outbuf[1024];
int outlen, tmplen;
unsigned char out_buf[1024];
int out_len, tmp_len;
/*
* Bogus key and IV: we'd normally set these from
* another source.
*/
unsigned char key[] = {0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15};
unsigned char iv[] = {1,2,3,4,5,6,7,8};
const char intext[] = "Some Crypto Text";
const char in_text[] = "Some Crypto Text";
EVP_CIPHER_CTX *ctx;
FILE *out;
FILE *out_fileptr;
ctx = EVP_CIPHER_CTX_new();
EVP_EncryptInit_ex(ctx, EVP_bf_cbc(), NULL, key, iv);
if (!EVP_EncryptUpdate(ctx, outbuf, &outlen, intext,
strlen(intext))) {
if (!EVP_EncryptUpdate(ctx, out_buf, &out_len, in_text,
strlen(in_text))) {
/* Error */
EVP_CIPHER_CTX_free(ctx);
return 0;
@ -756,12 +759,12 @@ do_crypt(char *outfile)
* Buffer passed to EVP_EncryptFinal() must be after data just
* encrypted to avoid overwriting it.
*/
if (!EVP_EncryptFinal_ex(ctx, outbuf + outlen, &tmplen)) {
if (!EVP_EncryptFinal_ex(ctx, out_buf + out_len, &tmp_len)) {
/* Error */
EVP_CIPHER_CTX_free(ctx);
return 0;
}
outlen += tmplen;
out_len += tmp_len;
EVP_CIPHER_CTX_free(ctx);
/*
* Need binary mode for fopen because encrypted data is
@ -769,13 +772,13 @@ do_crypt(char *outfile)
* it won't be NUL terminated and may contain embedded
* NULs.
*/
out = fopen(outfile, "wb");
if (out == NULL) {
out_fileptr = fopen(out_filename, "wb");
if (out_fileptr == NULL) {
/* Error */
return 0;
}
fwrite(outbuf, 1, outlen, out);
fclose(out);
fwrite(out_buf, 1, out_len, out_fileptr);
fclose(out_fileptr);
return 1;
}
.Ed
@ -792,11 +795,11 @@ General encryption, decryption function example using FILE I/O and AES128
with a 128-bit key:
.Bd -literal
int
do_crypt(FILE *in, FILE *out, int do_encrypt)
do_crypt(FILE *in_fileptr, FILE *out_fileptr, int do_encrypt)
{
/* Allow enough space in output buffer for additional block */
unsigned char inbuf[1024], outbuf[1024 + EVP_MAX_BLOCK_LENGTH];
int inlen, outlen;
unsigned char in_buf[1024], out_buf[1024 + EVP_MAX_BLOCK_LENGTH];
int in_len, out_len;
EVP_CIPHER_CTX *ctx;
/*
@ -812,23 +815,23 @@ do_crypt(FILE *in, FILE *out, int do_encrypt)
EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, do_encrypt);
for (;;) {
inlen = fread(inbuf, 1, 1024, in);
if (inlen <= 0)
in_len = fread(in_buf, 1, 1024, in_fileptr);
if (in_len <= 0)
break;
if (!EVP_CipherUpdate(ctx, outbuf, &outlen, inbuf,
inlen)) {
if (!EVP_CipherUpdate(ctx, out_buf, &out_len, in_buf,
in_len)) {
/* Error */
EVP_CIPHER_CTX_free(ctx);
return 0;
}
fwrite(outbuf, 1, outlen, out);
fwrite(out_buf, 1, out_len, out_fileptr);
}
if (!EVP_CipherFinal_ex(ctx, outbuf, &outlen)) {
if (!EVP_CipherFinal_ex(ctx, out_buf, &out_len)) {
/* Error */
EVP_CIPHER_CTX_free(ctx);
return 0;
}
fwrite(outbuf, 1, outlen, out);
fwrite(out_buf, 1, out_len, out_fileptr);
EVP_CIPHER_CTX_free(ctx);
return 1;

3
lib/libcrypto/x509/x509_lu.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: x509_lu.c,v 1.61 2023/12/25 22:14:23 tb Exp $ */
/* $OpenBSD: x509_lu.c,v 1.62 2023/12/27 01:55:25 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -262,7 +262,6 @@ X509_STORE_free(X509_STORE *store)
sk = store->get_cert_methods;
for (i = 0; i < sk_X509_LOOKUP_num(sk); i++) {
lu = sk_X509_LOOKUP_value(sk, i);
X509_LOOKUP_shutdown(lu);
X509_LOOKUP_free(lu);
}
sk_X509_LOOKUP_free(sk);

4
regress/lib/libcrypto/Makefile
View File

@ -1,4 +1,4 @@
# $OpenBSD: Makefile,v 1.52 2023/04/25 15:18:59 tb Exp $
# $OpenBSD: Makefile,v 1.54 2023/12/27 12:34:32 jsing Exp $
SUBDIR += aead
SUBDIR += aes
@ -22,8 +22,8 @@ SUBDIR += dsa
SUBDIR += ec
SUBDIR += ecdh
SUBDIR += ecdsa
SUBDIR += engine
SUBDIR += evp
SUBDIR += exdata
SUBDIR += free
SUBDIR += gcm128
SUBDIR += gost

9
regress/lib/libcrypto/engine/Makefile
View File

@ -1,9 +0,0 @@
# $OpenBSD: Makefile,v 1.3 2014/07/08 15:53:52 jsing Exp $
PROG= enginetest
LDADD= -lcrypto
DPADD= ${LIBCRYPTO}
WARNINGS= Yes
CFLAGS+= -DLIBRESSL_INTERNAL -Werror
.include <bsd.regress.mk>

253
regress/lib/libcrypto/engine/enginetest.c
View File

@ -1,253 +0,0 @@
/* $OpenBSD: enginetest.c,v 1.10 2023/06/19 18:52:29 tb Exp $ */
/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
* project 2000.
*/
/* ====================================================================
* Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#include <stdio.h>
#include <string.h>
#include <openssl/buffer.h>
#include <openssl/crypto.h>
#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
#include <openssl/err.h>
static void display_engine_list(void)
{
ENGINE *h;
int loop;
h = ENGINE_get_first();
loop = 0;
printf("listing available engine types\n");
while (h) {
printf("engine %d, id = \"%s\", name = \"%s\"\n",
loop++, ENGINE_get_id(h), ENGINE_get_name(h));
h = ENGINE_get_next(h);
}
printf("end of list\n");
/*
* ENGINE_get_first() increases the struct_ref counter, so we must call
* ENGINE_free() to decrease it again
*/
ENGINE_free(h);
}
int main(int argc, char *argv[])
{
ENGINE *block[512];
char *id, *name;
ENGINE *ptr;
int loop;
int to_return = 1;
ENGINE *new_h1 = NULL;
ENGINE *new_h2 = NULL;
ENGINE *new_h3 = NULL;
ENGINE *new_h4 = NULL;
ERR_load_crypto_strings();
memset(block, 0, 512 * sizeof(ENGINE *));
if (((new_h1 = ENGINE_new()) == NULL) ||
!ENGINE_set_id(new_h1, "test_id0") ||
!ENGINE_set_name(new_h1, "First test item") ||
((new_h2 = ENGINE_new()) == NULL) ||
!ENGINE_set_id(new_h2, "test_id1") ||
!ENGINE_set_name(new_h2, "Second test item") ||
((new_h3 = ENGINE_new()) == NULL) ||
!ENGINE_set_id(new_h3, "test_id2") ||
!ENGINE_set_name(new_h3, "Third test item") ||
((new_h4 = ENGINE_new()) == NULL) ||
!ENGINE_set_id(new_h4, "test_id3") ||
!ENGINE_set_name(new_h4, "Fourth test item")) {
printf("Couldn't set up test ENGINE structures\n");
goto end;
}
printf("\nenginetest beginning\n\n");
display_engine_list();
if (!ENGINE_add(new_h1)) {
printf("Add failed!\n");
goto end;
}
display_engine_list();
ptr = ENGINE_get_first();
if (!ENGINE_remove(ptr)) {
printf("Remove failed!\n");
goto end;
}
ENGINE_free(ptr);
display_engine_list();
if (!ENGINE_add(new_h3) || !ENGINE_add(new_h2)) {
printf("Add failed!\n");
goto end;
}
display_engine_list();
if (!ENGINE_remove(new_h2)) {
printf("Remove failed!\n");
goto end;
}
display_engine_list();
if (!ENGINE_add(new_h4)) {
printf("Add failed!\n");
goto end;
}
display_engine_list();
if (ENGINE_add(new_h3)) {
printf("Add *should* have failed but didn't!\n");
goto end;
} else
printf("Add that should fail did.\n");
ERR_clear_error();
if (ENGINE_remove(new_h2)) {
printf("Remove *should* have failed but didn't!\n");
goto end;
} else
printf("Remove that should fail did.\n");
ERR_clear_error();
if (!ENGINE_remove(new_h3)) {
printf("Remove failed!\n");
goto end;
}
display_engine_list();
if (!ENGINE_remove(new_h4)) {
printf("Remove failed!\n");
goto end;
}
display_engine_list();
/*
* Depending on whether there's any hardware support compiled
* in, this remove may be destined to fail.
*/
ptr = ENGINE_get_first();
if (ptr)
if (!ENGINE_remove(ptr))
printf("Remove failed!i - probably no hardware "
"support present.\n");
ENGINE_free(ptr);
display_engine_list();
if (!ENGINE_add(new_h1) || !ENGINE_remove(new_h1)) {
printf("Couldn't add and remove to an empty list!\n");
goto end;
} else
printf("Successfully added and removed to an empty list!\n");
printf("About to beef up the engine-type list\n");
for (loop = 0; loop < 512; loop++) {
if (asprintf(&id, "id%d", loop) == -1)
goto end;
if (asprintf(&name, "Fake engine type %d", loop) == -1)
goto end;
if (((block[loop] = ENGINE_new()) == NULL) ||
!id || !ENGINE_set_id(block[loop], id) ||
!name || !ENGINE_set_name(block[loop], name)) {
printf("Couldn't create block of ENGINE structures.\n");
goto end;
}
}
for (loop = 0; loop < 512; loop++) {
if (!ENGINE_add(block[loop])) {
printf("\nAdding stopped at %d, (%s,%s)\n",
loop, ENGINE_get_id(block[loop]),
ENGINE_get_name(block[loop]));
break;
}
printf(".");
fflush(stdout);
}
printf("\nAbout to empty the engine-type list\n");
while ((ptr = ENGINE_get_first()) != NULL) {
if (!ENGINE_remove(ptr)) {
printf("\nRemove failed!\n");
goto end;
}
ENGINE_free(ptr);
printf("."); fflush(stdout);
}
for (loop = 0; loop < 512; loop++) {
free((void *)ENGINE_get_id(block[loop]));
free((void *)ENGINE_get_name(block[loop]));
}
printf("\nTests completed happily\n");
to_return = 0;
end:
if (to_return)
ERR_print_errors_fp(stderr);
ENGINE_free(new_h1);
ENGINE_free(new_h2);
ENGINE_free(new_h3);
ENGINE_free(new_h4);
for (loop = 0; loop < 512; loop++)
ENGINE_free(block[loop]);
ENGINE_cleanup();
CRYPTO_cleanup_all_ex_data();
ERR_free_strings();
ERR_remove_thread_state(NULL);
CRYPTO_mem_leaks_fp(stderr);
return to_return;
}
#else
int
main(void)
{
printf("ENGINE support is disabled\n");
return 0;
}
#endif

9
regress/lib/libcrypto/exdata/Makefile Normal file
View File

@ -0,0 +1,9 @@
# $OpenBSD: Makefile,v 1.1 2023/12/27 12:34:32 jsing Exp $
PROG = exdata_test
LDADD = -lcrypto
DPADD = ${LIBCRYPTO}
WARNINGS = Yes
CFLAGS += -DLIBRESSL_INTERNAL -Werror
.include <bsd.regress.mk>

226
regress/lib/libcrypto/exdata/exdata_test.c Normal file
View File

@ -0,0 +1,226 @@
/* $OpenBSD: exdata_test.c,v 1.1 2023/12/27 12:34:32 jsing Exp $ */
/*
* Copyright (c) 2023 Joel Sing <jsing@openbsd.org>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#include <stdio.h>
#include <string.h>
#include <openssl/crypto.h>
static int ex_new_calls;
static int ex_free_calls;
static int ex_dup_calls;
static int
ex_new(void *parent, void *ptr, CRYPTO_EX_DATA *ad, int idx, long argl,
void *argp)
{
long *arg = argp;
if (argl != 1234 || *arg != 1234) {
fprintf(stderr, "FAIL: ex_new() with bad arguments\n");
return 0;
}
ex_new_calls++;
return 1;
}
static int
ex_dup(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, void *from_d,
int idx, long argl, void *argp)
{
long *arg = argp;
if (argl != 1234 || *arg != 1234) {
fprintf(stderr, "FAIL: ex_dup() with bad arguments\n");
return 0;
}
ex_dup_calls++;
return 1;
}
static void
ex_free(void *parent, void *ptr, CRYPTO_EX_DATA *ad, int idx,
long argl, void *argp)
{
long *arg = argp;
if (argl != 1234 || *arg != 1234) {
fprintf(stderr, "FAIL: ex_free() with bad arguments\n");
return;
}
ex_free_calls++;
}
struct exdata {
CRYPTO_EX_DATA exdata;
int val;
};
static int
ex_data_test(void)
{
struct exdata exdata1, exdata2;
void *argp;
long argl;
int idx1, idx2;
int failed = 1;
memset(&exdata1, 0, sizeof(exdata1));
memset(&exdata2, 0, sizeof(exdata2));
argl = 1234;
argp = &argl;
if ((idx1 = CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_RSA, argl, argp,
ex_new, ex_dup, ex_free)) < 0) {
fprintf(stderr, "FAIL: CRYPTO_get_ex_new_index failed\n");
goto failure;
}
if (idx1 == 0) {
fprintf(stderr, "FAIL: CRYPTO_get_ex_new_index() returned 0 "
"(reserved for internal use)\n");
goto failure;
}
if ((idx2 = CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_RSA, 0, NULL,
NULL, NULL, NULL)) < 0) {
fprintf(stderr, "FAIL: CRYPTO_get_ex_new_index failed\n");
goto failure;
}
if (idx1 == idx2) {
fprintf(stderr, "FAIL: CRYPTO_get_ex_new_index() returned the "
"same value\n");
goto failure;
}
if (idx2 < idx1) {
fprintf(stderr, "FAIL: CRYPTO_get_ex_new_index() returned "
"idx2 < idx1\n");
goto failure;
}
if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, &exdata1, &exdata1.exdata)) {
fprintf(stderr, "FAIL: CRYPTO_new_ex_data() failed\n");
goto failure;
}
if (!CRYPTO_set_ex_data(&exdata1.exdata, idx2, &idx2)) {
fprintf(stderr, "FAIL: CRYPTO_set_ex_data() failed\n");
goto failure;
}
if (!CRYPTO_set_ex_data(&exdata1.exdata, idx1, &idx1)) {
fprintf(stderr, "FAIL: CRYPTO_set_ex_data() failed\n");
goto failure;
}
if (CRYPTO_get_ex_data(&exdata1.exdata, idx1) != &idx1) {
fprintf(stderr, "FAIL: CRYPTO_get_ex_data() failed\n");
goto failure;
}
if (CRYPTO_get_ex_data(&exdata1.exdata, idx2) != &idx2) {
fprintf(stderr, "FAIL: CRYPTO_get_ex_data() failed\n");
goto failure;
}
if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_RSA, &exdata2.exdata,
&exdata1.exdata)) {
fprintf(stderr, "FAIL: CRYPTO_get_ex_data() failed\n");
goto failure;
}
if (CRYPTO_get_ex_data(&exdata2.exdata, idx1) != &idx1) {
fprintf(stderr, "FAIL: CRYPTO_get_ex_data() failed\n");
goto failure;
}
if (CRYPTO_get_ex_data(&exdata2.exdata, idx2) != &idx2) {
fprintf(stderr, "FAIL: CRYPTO_get_ex_data() failed\n");
goto failure;
}
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, &exdata1, &exdata1.exdata);
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, &exdata2, &exdata2.exdata);
if (ex_new_calls != 1) {
fprintf(stderr, "FAIL: got %d ex_new calls, want %d\n",
ex_new_calls, 1);
goto failure;
}
if (ex_dup_calls != 1) {
fprintf(stderr, "FAIL: got %d ex_dup calls, want %d\n",
ex_dup_calls, 1);
goto failure;
}
if (ex_free_calls != 2) {
fprintf(stderr, "FAIL: got %d ex_free calls, want %d\n",
ex_free_calls, 2);
goto failure;
}
failed = 0;
failure:
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, &exdata1, &exdata1.exdata);
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, &exdata2, &exdata2.exdata);
return failed;
}
#if 0
/* This insanity currently succeeds... */
static int
ex_new_index_test(void)
{
int failed = 1;
int idx;
if ((idx = CRYPTO_get_ex_new_index(-1, 0, NULL, NULL, NULL,
NULL)) > 0) {
fprintf(stderr, "FAIL: CRYPTO_get_ex_new_index() succeeded with "
"negative class\n");
goto failure;
}
if ((idx = CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX__COUNT, 0,
NULL, NULL, NULL, NULL)) > 0) {
fprintf(stderr, "FAIL: CRYPTO_get_ex_new_index() succeeded with "
"class exceeding maximum\n");
goto failure;
}
failed = 0;
failure:
return failed;
}
#endif
int
main(int argc, char **argv)
{
int failed = 0;
failed |= ex_data_test();
#if 0
failed |= ex_new_index_test();
#endif
/* Force a clean up. */
CRYPTO_cleanup_all_ex_data();
return failed;
}

12
share/man/man5/ruby-module.5
View File

@ -1,4 +1,4 @@
.\" $OpenBSD: ruby-module.5,v 1.45 2023/10/13 23:16:58 jeremy Exp $
.\" $OpenBSD: ruby-module.5,v 1.46 2023/12/27 23:46:42 jeremy Exp $
.\"
.\" Copyright (c) 2011-2015, 2023 Jeremy Evans <jeremy@openbsd.org>
.\" Copyright (c) 2008, 2011 Marc Espie <espie@openbsd.org>
@ -25,7 +25,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: October 13 2023 $
.Dd $Mdocdate: December 27 2023 $
.Dt RUBY-MODULE 5
.Os
.Sh NAME
@ -66,7 +66,7 @@ those via
.Ev CONFIGURE_STYLE Ns = Ns Qq ruby gem
and
.Ev CONFIGURE_STYLE Ns = Ns Qq ruby gem ext
both add ruby31 and ruby32
both add ruby31, ruby32, and ruby33
.Ev FLAVOR Ns s
to the port.
They also cause the
@ -79,10 +79,10 @@ The ports system defaults to using Ruby 3.2 if the version of Ruby is not
specified.
To specify a version for a gem port, use a specific
.Ev FLAVOR ,
such as ruby31 to use Ruby 3.1.
such as ruby33 to use Ruby 3.3.
To specify the Ruby version to use for a non Ruby-gem port, set
.Ev MODRUBY_REV
to 3.1 or 3.2.
to 3.1, 3.2, or 3.3.
.Pp
To ensure that dependencies use the same Ruby implementation as the
current port, all Ruby gem dependencies specified in the port
@ -108,7 +108,7 @@ is
.Cm Yes ,
the ports system automatically adds the appropriate prefix to the
.Ev FULLPKGNAME
(e.g. ruby31\- for ruby 3.1, ruby32\- for ruby 3.2).
(e.g. ruby32\- for ruby 3.2, ruby33\- for ruby 3.3).
.Pp
For Ruby gem ports that can work on multiple Ruby versions, append
.Ev GEM_BIN_SUFFIX

23
sys/arch/arm64/arm64/cpu.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: cpu.c,v 1.101 2023/11/23 19:54:30 patrick Exp $ */
/* $OpenBSD: cpu.c,v 1.102 2023/12/26 09:19:15 kettenis Exp $ */
/*
* Copyright (c) 2016 Dale Rahn <drahn@dalerahn.com>
@ -252,6 +252,7 @@ void cpu_psci_init(struct cpu_info *);
void cpu_flush_bp_noop(void);
void cpu_flush_bp_psci(void);
void cpu_serror_apple(void);
#if NKSTAT > 0
void cpu_kstat_attach(struct cpu_info *ci);
@ -398,7 +399,6 @@ cpu_identify(struct cpu_info *ci)
* The architecture has been updated to explicitly tell us if
* we're not vulnerable to regular Spectre.
*/
id = READ_SPECIALREG(id_aa64pfr0_el1);
if (ID_AA64PFR0_CSV2(id) >= ID_AA64PFR0_CSV2_IMPL)
ci->ci_flush_bp = cpu_flush_bp_noop;
@ -407,7 +407,6 @@ cpu_identify(struct cpu_info *ci)
* But we might still be vulnerable to Spectre-BHB. If we know the
* CPU, we can add a branchy loop that cleans the BHB.
*/
if (impl == CPU_IMPL_ARM) {
switch (part) {
case CPU_PART_CORTEX_A72:
@ -453,13 +452,11 @@ cpu_identify(struct cpu_info *ci)
#endif
/* Prefer CLRBHB to mitigate Spectre-BHB. */
id = READ_SPECIALREG(id_aa64isar2_el1);
if (ID_AA64ISAR2_CLRBHB(id) >= ID_AA64ISAR2_CLRBHB_IMPL)
ci->ci_trampoline_vectors = (vaddr_t)trampoline_vectors_clrbhb;
/* ECBHB tells us Spectre-BHB is mitigated. */
id = READ_SPECIALREG(id_aa64mmfr1_el1);
if (ID_AA64MMFR1_ECBHB(id) >= ID_AA64MMFR1_ECBHB_IMPL)
ci->ci_trampoline_vectors = (vaddr_t)trampoline_vectors_none;
@ -468,13 +465,18 @@ cpu_identify(struct cpu_info *ci)
* The architecture has been updated to explicitly tell us if
* we're not vulnerable.
*/
id = READ_SPECIALREG(id_aa64pfr0_el1);
if (ID_AA64PFR0_CSV2(id) >= ID_AA64PFR0_CSV2_HCXT) {
ci->ci_flush_bp = cpu_flush_bp_noop;
ci->ci_trampoline_vectors = (vaddr_t)trampoline_vectors_none;
}
/*
* Apple CPUs provide detailed information for SError.
*/
if (impl == CPU_IMPL_APPLE)
ci->ci_serror = cpu_serror_apple;
/*
* Print CPU features encoded in the ID registers.
*/
@ -1018,6 +1020,15 @@ cpu_flush_bp_psci(void)
#endif
}
void
cpu_serror_apple(void)
{
__asm volatile("dsb sy; isb" ::: "memory");
printf("l2c_err_sts 0x%llx\n", READ_SPECIALREG(s3_3_c15_c8_0));
printf("l2c_err_adr 0x%llx\n", READ_SPECIALREG(s3_3_c15_c9_0));
printf("l2c_err_inf 0x%llx\n", READ_SPECIALREG(s3_3_c15_c10_0));
}
int
cpu_clockspeed(int *freq)
{

6
sys/arch/arm64/arm64/exception.S
View File

@ -1,4 +1,4 @@
/* $OpenBSD: exception.S,v 1.15 2022/12/10 10:13:58 patrick Exp $ */
/* $OpenBSD: exception.S,v 1.16 2023/12/26 09:19:15 kettenis Exp $ */
/*-
* Copyright (c) 2014 Andrew Turner
* All rights reserved.
@ -191,7 +191,11 @@ handle_el1h_fiq:
.globl handle_el1h_error
.type handle_el1h_error,@function
handle_el1h_error:
save_registers 1
mov x0, sp
bl do_el1h_error
brk 0xf13
1: b 1b
.macro return
msr tpidrro_el0, x18

26
sys/arch/arm64/arm64/trap.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: trap.c,v 1.46 2023/06/10 19:30:48 kettenis Exp $ */
/* $OpenBSD: trap.c,v 1.47 2023/12/26 09:19:15 kettenis Exp $ */
/*-
* Copyright (c) 2014 Andrew Turner
* All rights reserved.
@ -338,12 +338,36 @@ do_el0_sync(struct trapframe *frame)
userret(p);
}
static void
serror(struct trapframe *frame)
{
struct cpu_info *ci = curcpu();
uint64_t esr, far;
esr = READ_SPECIALREG(esr_el1);
far = READ_SPECIALREG(far_el1);
printf("SError: %lx esr %llx far %0llx\n",
frame->tf_elr, esr, far);
if (ci->ci_serror)
ci->ci_serror();
}
void
do_el0_error(struct trapframe *frame)
{
serror(frame);
panic("do_el0_error");
}
void
do_el1h_error(struct trapframe *frame)
{
serror(frame);
panic("do_el1h_error");
}
void
dumpregs(struct trapframe *frame)
{

3
sys/arch/arm64/include/cpu.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: cpu.h,v 1.39 2023/08/23 01:55:46 cheloha Exp $ */
/* $OpenBSD: cpu.h,v 1.40 2023/12/26 09:19:15 kettenis Exp $ */
/*
* Copyright (c) 2016 Dale Rahn <drahn@dalerahn.com>
*
@ -143,6 +143,7 @@ struct cpu_info {
int ci_want_resched;
void (*ci_flush_bp)(void);
void (*ci_serror)(void);
uint64_t ci_ttbr1;
vaddr_t ci_el1_stkend;

7
sys/dev/fdt/sncodec.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: sncodec.c,v 1.3 2023/07/09 12:32:22 kettenis Exp $ */
/* $OpenBSD: sncodec.c,v 1.4 2023/12/26 09:25:15 kettenis Exp $ */
/*
* Copyright (c) 2023 Mark Kettenis <kettenis@openbsd.org>
*
@ -26,6 +26,7 @@
#include <dev/ofw/openfirm.h>
#include <dev/ofw/ofw_gpio.h>
#include <dev/ofw/ofw_misc.h>
#include <dev/ofw/ofw_regulator.h>
#include <dev/ofw/fdt.h>
#include <dev/i2c/i2cvar.h>
@ -136,6 +137,8 @@ sncodec_attach(struct device *parent, struct device *self, void *aux)
printf("\n");
regulator_enable(OF_getpropint(node, "SDZ-supply", 0));
sdz_gpiolen = OF_getproplen(node, "shutdown-gpios");
if (sdz_gpiolen > 0) {
sdz_gpio = malloc(sdz_gpiolen, M_TEMP, M_WAITOK);
@ -146,7 +149,7 @@ sncodec_attach(struct device *parent, struct device *self, void *aux)
free(sdz_gpio, M_TEMP, sdz_gpiolen);
delay(1000);
}
/* Set volume to a reasonable level. */
sc->sc_dvc = DVC_LVL_30DB;
sc->sc_mute = MODE_CTRL_MODE_ACTIVE;

5
sys/dev/fdt/tascodec.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: tascodec.c,v 1.7 2023/07/15 13:35:17 kettenis Exp $ */
/* $OpenBSD: tascodec.c,v 1.8 2023/12/26 09:25:15 kettenis Exp $ */
/*
* Copyright (c) 2022 Mark Kettenis <kettenis@openbsd.org>
*
@ -26,6 +26,7 @@
#include <dev/ofw/openfirm.h>
#include <dev/ofw/ofw_gpio.h>
#include <dev/ofw/ofw_misc.h>
#include <dev/ofw/ofw_regulator.h>
#include <dev/ofw/fdt.h>
#include <dev/i2c/i2cvar.h>
@ -127,6 +128,8 @@ tascodec_attach(struct device *parent, struct device *self, void *aux)
printf("\n");
regulator_enable(OF_getpropint(node, "SDZ-supply", 0));
sdz_gpiolen = OF_getproplen(node, "shutdown-gpios");
if (sdz_gpiolen > 0) {
sdz_gpio = malloc(sdz_gpiolen, M_TEMP, M_WAITOK);

33
usr.bin/rsync/flist.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: flist.c,v 1.37 2022/12/26 19:16:02 jmc Exp $ */
/* $OpenBSD: flist.c,v 1.38 2023/12/27 17:22:25 claudio Exp $ */
/*
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
* Copyright (c) 2019 Florian Obser <florian@openbsd.org>
@ -442,7 +442,7 @@ flist_recv_name(struct sess *sess, int fd, struct flist *f, uint8_t flags,
* than byte-size.
*/
if (FLIST_NAME_SAME & flags) {
if (flags & FLIST_NAME_SAME) {
if (!io_read_byte(sess, fd, &bval)) {
ERRX1("io_read_byte");
return 0;
@ -452,7 +452,7 @@ flist_recv_name(struct sess *sess, int fd, struct flist *f, uint8_t flags,
/* Get the (possibly-remaining) filename length. */
if (FLIST_NAME_LONG & flags) {
if (flags & FLIST_NAME_LONG) {
if (!io_read_size(sess, fd, &pathlen)) {
ERRX1("io_read_size");
return 0;
@ -479,7 +479,7 @@ flist_recv_name(struct sess *sess, int fd, struct flist *f, uint8_t flags,
}
f->path[len] = '\0';
if (FLIST_NAME_SAME & flags)
if (flags & FLIST_NAME_SAME)
memcpy(f->path, last, partial);
if (!io_read_buf(sess, fd, f->path + partial, pathlen)) {
@ -633,44 +633,41 @@ flist_recv(struct sess *sess, int fd, struct flist **flp, size_t *sz)
/* Read the modification time. */
if (!(FLIST_TIME_SAME & flag)) {
if (!(flag & FLIST_TIME_SAME)) {
if (!io_read_uint(sess, fd, &uival)) {
ERRX1("io_read_uint");
goto out;
}
ff->st.mtime = uival; /* beyond 2038 */
} else if (fflast == NULL) {
ERRX("same time without last entry");
goto out;
ff->st.mtime = 0;
} else
ff->st.mtime = fflast->st.mtime;
/* Read the file mode. */
if (!(FLIST_MODE_SAME & flag)) {
if (!(flag & FLIST_MODE_SAME)) {
if (!io_read_uint(sess, fd, &uival)) {
ERRX1("io_read_uint");
goto out;
}
ff->st.mode = uival;
} else if (fflast == NULL) {
ERRX("same mode without last entry");
goto out;
ff->st.mode = 0;
} else
ff->st.mode = fflast->st.mode;
/* Conditional part: uid. */
if (sess->opts->preserve_uids) {
if (!(FLIST_UID_SAME & flag)) {
if (!(flag & FLIST_UID_SAME)) {
if (!io_read_uint(sess, fd, &uival)) {
ERRX1("io_read_int");
goto out;
}
ff->st.uid = uival;
} else if (fflast == NULL) {
ERRX("same uid without last entry");
goto out;
ff->st.uid = 0;
} else
ff->st.uid = fflast->st.uid;
}
@ -678,15 +675,14 @@ flist_recv(struct sess *sess, int fd, struct flist **flp, size_t *sz)
/* Conditional part: gid. */
if (sess->opts->preserve_gids) {
if (!(FLIST_GID_SAME & flag)) {
if (!(flag & FLIST_GID_SAME)) {
if (!io_read_uint(sess, fd, &uival)) {
ERRX1("io_read_uint");
goto out;
}
ff->st.gid = uival;
} else if (fflast == NULL) {
ERRX("same gid without last entry");
goto out;
ff->st.gid = 0;
} else
ff->st.gid = fflast->st.gid;
}
@ -697,15 +693,14 @@ flist_recv(struct sess *sess, int fd, struct flist **flp, size_t *sz)
S_ISCHR(ff->st.mode))) ||
(sess->opts->specials && (S_ISFIFO(ff->st.mode) ||
S_ISSOCK(ff->st.mode)))) {
if (!(FLIST_RDEV_SAME & flag)) {
if (!(flag & FLIST_RDEV_SAME)) {
if (!io_read_int(sess, fd, &ival)) {
ERRX1("io_read_int");
goto out;
}
ff->st.rdev = ival;
} else if (fflast == NULL) {
ERRX("same device without last entry");
goto out;
ff->st.rdev = 0;
} else
ff->st.rdev = fflast->st.rdev;
}

33
usr.bin/tmux/cmd-find-window.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: cmd-find-window.c,v 1.55 2022/12/16 08:13:40 nicm Exp $ */
/* $OpenBSD: cmd-find-window.c,v 1.56 2023/12/27 20:42:01 nicm Exp $ */
/*
* Copyright (c) 2009 Nicholas Marriott <nicholas.marriott@gmail.com>
@ -48,6 +48,7 @@ cmd_find_window_exec(struct cmd *self, struct cmdq_item *item)
struct cmd_find_state *target = cmdq_get_target(item);
struct window_pane *wp = target->wp;
const char *s = args_string(args, 0), *suffix = "";
const char *star = "*";
struct args_value *filter;
int C, N, T;
@ -55,6 +56,8 @@ cmd_find_window_exec(struct cmd *self, struct cmdq_item *item)
N = args_has(args, 'N');
T = args_has(args, 'T');
if (args_has(args, 'r'))
star = "";
if (args_has(args, 'r') && args_has(args, 'i'))
suffix = "/ri";
else if (args_has(args, 'r'))
@ -71,34 +74,34 @@ cmd_find_window_exec(struct cmd *self, struct cmdq_item *item)
if (C && N && T) {
xasprintf(&filter->string,
"#{||:"
"#{C%s:%s},#{||:#{m%s:*%s*,#{window_name}},"
"#{m%s:*%s*,#{pane_title}}}}",
suffix, s, suffix, s, suffix, s);
"#{C%s:%s},#{||:#{m%s:%s%s%s,#{window_name}},"
"#{m%s:%s%s%s,#{pane_title}}}}",
suffix, s, suffix, star, s, star, suffix, star, s, star);
} else if (C && N) {
xasprintf(&filter->string,
"#{||:#{C%s:%s},#{m%s:*%s*,#{window_name}}}",
suffix, s, suffix, s);
"#{||:#{C%s:%s},#{m%s:%s%s%s,#{window_name}}}",
suffix, s, suffix, star, s, star);
} else if (C && T) {
xasprintf(&filter->string,
"#{||:#{C%s:%s},#{m%s:*%s*,#{pane_title}}}",
suffix, s, suffix, s);
"#{||:#{C%s:%s},#{m%s:%s%s%s,#{pane_title}}}",
suffix, s, suffix, star, s, star);
} else if (N && T) {
xasprintf(&filter->string,
"#{||:#{m%s:*%s*,#{window_name}},"
"#{m%s:*%s*,#{pane_title}}}",
suffix, s, suffix, s);
"#{||:#{m%s:%s%s%s,#{window_name}},"
"#{m%s:%s%s%s,#{pane_title}}}",
suffix, star, s, star, suffix, star, s, star);
} else if (C) {
xasprintf(&filter->string,
"#{C%s:%s}",
suffix, s);
} else if (N) {
xasprintf(&filter->string,
"#{m%s:*%s*,#{window_name}}",
suffix, s);
"#{m%s:%s%s%s,#{window_name}}",
suffix, star, s, star);
} else {
xasprintf(&filter->string,
"#{m%s:*%s*,#{pane_title}}",
suffix, s);
"#{m%s:%s%s%s,#{pane_title}}",
suffix, star, s, star);
}
new_args = args_create();

26
usr.bin/tmux/input.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: input.c,v 1.222 2023/09/15 06:31:49 nicm Exp $ */
/* $OpenBSD: input.c,v 1.223 2023/12/27 20:13:35 nicm Exp $ */
/*
* Copyright (c) 2007 Nicholas Marriott <nicholas.marriott@gmail.com>
@ -1846,10 +1846,13 @@ input_csi_dispatch_winops(struct input_ctx *ictx)
struct screen_write_ctx *sctx = &ictx->ctx;
struct screen *s = sctx->s;
struct window_pane *wp = ictx->wp;
struct window *w = wp->window;
struct window *w = NULL;
u_int x = screen_size_x(s), y = screen_size_y(s);
int n, m;
if (wp != NULL)
w = wp->window;
m = 0;
while ((n = input_get(ictx, m, 0, -1)) != -1) {
switch (n) {
@ -1878,13 +1881,22 @@ input_csi_dispatch_winops(struct input_ctx *ictx)
return;
break;
case 14:
input_reply(ictx, "\033[4;%u;%ut", y * w->ypixel, x * w->xpixel);
if (w == NULL)
break;
input_reply(ictx, "\033[4;%u;%ut", y * w->ypixel,
x * w->xpixel);
break;
case 15:
input_reply(ictx, "\033[5;%u;%ut", y * w->ypixel, x * w->xpixel);
if (w == NULL)
break;
input_reply(ictx, "\033[5;%u;%ut", y * w->ypixel,
x * w->xpixel);
break;
case 16:
input_reply(ictx, "\033[6;%u;%ut", w->ypixel, w->xpixel);
if (w == NULL)
break;
input_reply(ictx, "\033[6;%u;%ut", w->ypixel,
w->xpixel);
break;
case 18:
input_reply(ictx, "\033[8;%u;%ut", y, x);
@ -1914,8 +1926,8 @@ input_csi_dispatch_winops(struct input_ctx *ictx)
if (wp == NULL)
break;
notify_pane("pane-title-changed", wp);
server_redraw_window_borders(wp->window);
server_status_window(wp->window);
server_redraw_window_borders(w);
server_status_window(w);
break;
}
break;

3
usr.bin/tmux/screen.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: screen.c,v 1.83 2023/09/19 08:35:44 nicm Exp $ */
/* $OpenBSD: screen.c,v 1.84 2023/12/27 20:17:13 nicm Exp $ */
/*
* Copyright (c) 2007 Nicholas Marriott <nicholas.marriott@gmail.com>
@ -83,6 +83,7 @@ screen_init(struct screen *s, u_int sx, u_int sy, u_int hlimit)
s->cstyle = SCREEN_CURSOR_DEFAULT;
s->default_cstyle = SCREEN_CURSOR_DEFAULT;
s->mode = MODE_CURSOR;
s->default_mode = 0;
s->ccolour = -1;
s->default_ccolour = -1;

10
usr.bin/tmux/server-client.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: server-client.c,v 1.402 2023/09/02 20:03:10 nicm Exp $ */
/* $OpenBSD: server-client.c,v 1.403 2023/12/27 20:23:59 nicm Exp $ */
/*
* Copyright (c) 2009 Nicholas Marriott <nicholas.marriott@gmail.com>
@ -1867,7 +1867,7 @@ server_client_key_callback(struct cmdq_item *item, void *data)
struct key_binding *bd;
int xtimeout, flags;
struct cmd_find_state fs;
key_code key0;
key_code key0, prefix, prefix2;
/* Check the client is good to accept input. */
if (s == NULL || (c->flags & CLIENT_UNATTACHEDFLAGS))
@ -1939,9 +1939,11 @@ table_changed:
* The prefix always takes precedence and forces a switch to the prefix
* table, unless we are already there.
*/
prefix = (key_code)options_get_number(s->options, "prefix");
prefix2 = (key_code)options_get_number(s->options, "prefix2");
key0 = (key & (KEYC_MASK_KEY|KEYC_MASK_MODIFIERS));
if ((key0 == (key_code)options_get_number(s->options, "prefix") ||
key0 == (key_code)options_get_number(s->options, "prefix2")) &&
if ((key0 == (prefix & (KEYC_MASK_KEY|KEYC_MASK_MODIFIERS)) ||
key0 == (prefix2 & (KEYC_MASK_KEY|KEYC_MASK_MODIFIERS))) &&
strcmp(table->name, "prefix") != 0) {
server_client_set_key_table(c, "prefix");
server_status_client(c);

94
usr.bin/tmux/tmux.1
View File

@ -1,4 +1,4 @@
.\" $OpenBSD: tmux.1,v 1.933 2023/09/16 16:18:29 nicm Exp $
.\" $OpenBSD: tmux.1,v 1.935 2023/12/27 20:23:59 nicm Exp $
.\"
.\" Copyright (c) 2007 Nicholas Marriott <nicholas.marriott@gmail.com>
.\"
@ -14,7 +14,7 @@
.\" IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
.\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.Dd $Mdocdate: September 16 2023 $
.Dd $Mdocdate: December 27 2023 $
.Dt TMUX 1
.Os
.Sh NAME
@ -140,7 +140,7 @@ By default,
loads the system configuration file from
.Pa /etc/tmux.conf ,
if present, then looks for a user configuration file at
.Pa ~/.tmux.conf .
.Pa \[ti]/.tmux.conf .
.Pp
The configuration file is a set of
.Nm
@ -287,7 +287,7 @@ Rename the current session.
Split the current pane into two, left and right.
.It &
Kill the current window.
.It '
.It \[aq]
Prompt for a window index to select.
.It \&(
Switch the attached client to the previous session.
@ -359,7 +359,7 @@ Toggle zoom state of the current pane.
Swap the current pane with the previous pane.
.It }
Swap the current pane with the next pane.
.It ~
.It \[ti]
Show previous messages from
.Nm ,
if any.
@ -405,7 +405,7 @@ the command prompt.
For example, the same
.Ic set-option
command run from the shell prompt, from
.Pa ~/.tmux.conf
.Pa \[ti]/.tmux.conf
and bound to a key may look like:
.Bd -literal -offset indent
$ tmux set-option -g status-style bg=cyan
@ -458,7 +458,7 @@ To execute commands, each client has a
.Ql command queue .
A global command queue not attached to any client is used on startup
for configuration files like
.Pa ~/.tmux.conf .
.Pa \[ti]/.tmux.conf .
Parsed commands added to the queue are executed in order.
Some commands, like
.Ic if-shell
@ -530,7 +530,7 @@ $ tmux neww \\; splitw
.Pp
Or:
.Bd -literal -offset indent
$ tmux neww ';' splitw
$ tmux neww \[aq];\[aq] splitw
.Ed
.Pp
Or from the tmux command prompt:
@ -548,7 +548,7 @@ $ tmux neww\e; splitw
.Pp
Or:
.Bd -literal -offset indent
$ tmux 'neww;' splitw
$ tmux \[aq]neww;\[aq] splitw
.Ed
.Pp
As in these examples, when running tmux from the shell extra care must be taken
@ -560,7 +560,7 @@ should be escaped according to the shell conventions.
For
.Xr sh 1
this typically means quoted (such as
.Ql neww ';' splitw )
.Ql neww \[aq];\[aq] splitw )
or escaped (such as
.Ql neww \e\e\e\e; splitw ) .
.It
@ -570,14 +570,14 @@ a second time for
.Nm ;
for example:
.Bd -literal -offset indent
$ tmux neww 'foo\e\e;' bar
$ tmux neww \[aq]foo\e\e;\[aq] bar
$ tmux neww foo\e\e\e\e; bar
.Ed
.It
Semicolons that are not individual tokens or trailing another token should only
be escaped once according to shell conventions; for example:
.Bd -literal -offset indent
$ tmux neww 'foo-;-bar'
$ tmux neww \[aq]foo-;-bar\[aq]
$ tmux neww foo-\e\e;-bar
.Ed
.El
@ -590,8 +590,8 @@ line (the \e and the newline are completely removed).
This is called line continuation and applies both inside and outside quoted
strings and in comments, but not inside braces.
.Pp
Command arguments may be specified as strings surrounded by single (') quotes,
double quotes (") or braces ({}).
Command arguments may be specified as strings surrounded by single (\[aq])
quotes, double quotes (\[dq]) or braces ({}).
.\" "
This is required when the argument contains any special character.
Single and double quoted strings cannot span multiple lines except with line
@ -606,7 +606,7 @@ global environment (see the
.Sx GLOBAL AND SESSION ENVIRONMENT
section).
.It
A leading ~ or ~user is expanded to the home directory of the current or
A leading \[ti] or \[ti]user is expanded to the home directory of the current or
specified user.
.It
\euXXXX or \euXXXXXXXX is replaced by the Unicode codepoint corresponding to
@ -638,10 +638,10 @@ These two examples produce an identical command - note that no escaping is
needed when using {}:
.Bd -literal -offset indent
if-shell true {
display -p 'brace-dollar-foo: }$foo'
display -p \[aq]brace-dollar-foo: }$foo\[aq]
}
if-shell true "display -p 'brace-dollar-foo: }\e$foo'"
if-shell true "display -p \[aq]brace-dollar-foo: }\e$foo\[aq]"
.Ed
.Pp
Braces may be enclosed inside braces, for example:
@ -892,7 +892,7 @@ section)
or
.Ql {marked}
(alternative form
.Ql ~ )
.Ql \[ti] )
to specify the marked pane (see
.Ic select-pane
.Fl m ) .
@ -932,12 +932,12 @@ arguments are
commands.
This may be a single argument passed to the shell, for example:
.Bd -literal -offset indent
new-window 'vi ~/.tmux.conf'
new-window \[aq]vi \[ti]/.tmux.conf\[aq]
.Ed
.Pp
Will run:
.Bd -literal -offset indent
/bin/sh -c 'vi ~/.tmux.conf'
/bin/sh -c \[aq]vi \[ti]/.tmux.conf\[aq]
.Ed
.Pp
Additionally, the
@ -954,7 +954,7 @@ to be given as multiple arguments and executed directly (without
This can avoid issues with shell quoting.
For example:
.Bd -literal -offset indent
$ tmux new-window vi ~/.tmux.conf
$ tmux new-window vi \[ti]/.tmux.conf
.Ed
.Pp
Will run
@ -989,7 +989,7 @@ set-option -wt:0 monitor-activity on
new-window ; split-window -d
bind-key R source-file ~/.tmux.conf \e; \e
bind-key R source-file \[ti]/.tmux.conf \e; \e
display-message "source-file done"
.Ed
.Pp
@ -1000,7 +1000,7 @@ $ tmux kill-window -t :1
$ tmux new-window \e; split-window -d
$ tmux new-session -d 'vi ~/.tmux.conf' \e; split-window -d \e; attach
$ tmux new-session -d \[aq]vi \[ti]/.tmux.conf\[aq] \e; split-window -d \e; attach
.Ed
.Sh CLIENTS AND SESSIONS
The
@ -1581,7 +1581,7 @@ Note that as by default the
.Nm
server will exit with no sessions, this is only useful if a session is created
in
.Pa ~/.tmux.conf ,
.Pa \[ti]/.tmux.conf ,
.Ic exit-empty
is turned off, or another command is run as part of the same command sequence.
For example:
@ -2171,7 +2171,7 @@ For example:
$ tmux list-windows
0: ksh [159x48]
layout: bb62,159x48,0,0{79x48,0,0,79x48,80,0}
$ tmux select-layout 'bb62,159x48,0,0{79x48,0,0,79x48,80,0}'
$ tmux select-layout \[aq]bb62,159x48,0,0{79x48,0,0,79x48,80,0}\[aq]
.Ed
.Pp
.Nm
@ -2311,7 +2311,7 @@ is replaced by the client name in
and the result executed as a command.
If
.Ar template
is not given, "detach-client -t '%%'" is used.
is not given, "detach-client -t \[aq]%%\[aq]" is used.
.Pp
.Fl O
specifies the initial sort field: one of
@ -2396,7 +2396,7 @@ are replaced by the target in
and the result executed as a command.
If
.Ar template
is not given, "switch-client -t '%%'" is used.
is not given, "switch-client -t \[aq]%%\[aq]" is used.
.Pp
.Fl O
specifies the initial sort field: one of
@ -2508,7 +2508,7 @@ to be executed as a command with
substituted by the pane ID.
The default
.Ar template
is "select-pane -t '%%'".
is "select-pane -t \[aq]%%\[aq]".
With
.Fl b ,
other commands are not blocked from running until the indicator is closed.
@ -2870,7 +2870,7 @@ The
option only opens a new pipe if no previous pipe exists, allowing a pipe to
be toggled with a single key, for example:
.Bd -literal -offset indent
bind-key C-p pipe-pane -o 'cat >>~/output.#I-#P'
bind-key C-p pipe-pane -o \[aq]cat >>\[ti]/output.#I-#P\[aq]
.Ed
.Tg prevl
.It Xo Ic previous-layout
@ -3174,7 +3174,7 @@ zooms if the window is not zoomed, or keeps it zoomed if already zoomed.
.Pp
An empty
.Ar shell-command
('') will create a pane with no command running in it.
(\[aq]\[aq]) will create a pane with no command running in it.
Output can be sent to such a pane with the
.Ic display-message
command.
@ -3301,11 +3301,11 @@ and
Note that to bind the
.Ql \&"
or
.Ql '
.Ql \[aq]
keys, quotation marks are necessary, for example:
.Bd -literal -offset indent
bind-key '"' split-window
bind-key "'" new-window
bind-key \[aq]"\[aq] split-window
bind-key "\[aq]" new-window
.Ed
.Pp
A command bound to the
@ -3701,7 +3701,7 @@ it is replaced with
.Ar value .
For example, after:
.Pp
.Dl set -s command-alias[100] zoom='resize-pane -Z'
.Dl set -s command-alias[100] zoom=\[aq]resize-pane -Z\[aq]
.Pp
Using:
.Pp
@ -3939,7 +3939,7 @@ and so on.
.Pp
For example:
.Bd -literal -offset indent
set -s user-keys[0] "\ee[5;30012~"
set -s user-keys[0] "\ee[5;30012\[ti]"
bind User0 resize-pane -L 3
.Ed
.El
@ -4838,8 +4838,8 @@ or
.Fl H .
The following two commands are equivalent:
.Bd -literal -offset indent.
set-hook -g pane-mode-changed[42] 'set -g status-left-style bg=red'
set-option -g pane-mode-changed[42] 'set -g status-left-style bg=red'
set-hook -g pane-mode-changed[42] \[aq]set -g status-left-style bg=red\[aq]
set-option -g pane-mode-changed[42] \[aq]set -g status-left-style bg=red\[aq]
.Ed
.Pp
Setting a hook without specifying an array index clears the hook and sets the
@ -5778,7 +5778,7 @@ An escape sequence (if the
.Ic allow-rename
option is turned on):
.Bd -literal -offset indent
$ printf '\e033kWINDOW_NAME\e033\e\e'
$ printf \[aq]\e033kWINDOW_NAME\e033\e\e\[aq]
.Ed
.It
Automatic renaming, which sets the name to the active command in the window's
@ -5791,7 +5791,7 @@ option.
When a pane is first created, its title is the hostname.
A pane's title can be set via the title setting escape sequence, for example:
.Bd -literal -offset indent
$ printf '\e033]2;My Title\e033\e\e'
$ printf \[aq]\e033]2;My Title\e033\e\e\[aq]
.Ed
.Pp
It can also be modified with the
@ -5916,7 +5916,7 @@ The flag is one of the following symbols appended to the window name:
.It Li "-" Ta "Marks the last window (previously selected)."
.It Li "#" Ta "Window activity is monitored and activity has been detected."
.It Li "\&!" Ta "Window bells are monitored and a bell has occurred in the window."
.It Li "~" Ta "The window has been silent for the monitor-silence interval."
.It Li "\[ti]" Ta "The window has been silent for the monitor-silence interval."
.It Li "M" Ta "The window contains the marked pane."
.It Li "Z" Ta "The window's active pane is zoomed."
.El
@ -6451,7 +6451,7 @@ is replaced by the buffer name in
and the result executed as a command.
If
.Ar template
is not given, "paste-buffer -b '%%'" is used.
is not given, "paste-buffer -b \[aq]%%\[aq]" is used.
.Pp
.Fl O
specifies the initial sort field: one of
@ -6750,7 +6750,7 @@ If set, a sequence such as this may be used
to change the cursor colour from inside
.Nm :
.Bd -literal -offset indent
$ printf '\e033]12;red\e033\e\e'
$ printf \[aq]\e033]12;red\e033\e\e\[aq]
.Ed
.Pp
The colour is an
@ -6806,7 +6806,7 @@ Set or reset the cursor style.
If set, a sequence such as this may be used
to change the cursor to an underline:
.Bd -literal -offset indent
$ printf '\e033[4 q'
$ printf \[aq]\e033[4 q\[aq]
.Ed
.Pp
If
@ -7125,7 +7125,7 @@ options.
.El
.Sh FILES
.Bl -tag -width "/etc/tmux.confXXX" -compact
.It Pa ~/.tmux.conf
.It Pa \[ti]/.tmux.conf
Default
.Nm
configuration file.
@ -7191,7 +7191,7 @@ to exit from it.
Commands to be run when the
.Nm
server is started may be placed in the
.Pa ~/.tmux.conf
.Pa \[ti]/.tmux.conf
configuration file.
Common examples include:
.Pp
@ -7218,8 +7218,8 @@ set-option -g lock-after-time 1800
Creating new key bindings:
.Bd -literal -offset indent
bind-key b set-option status
bind-key / command-prompt "split-window 'exec man %%'"
bind-key S command-prompt "new-window -n %1 'ssh %1'"
bind-key / command-prompt "split-window \[aq]exec man %%\[aq]"
bind-key S command-prompt "new-window -n %1 \[aq]ssh %1\[aq]"
.Ed
.Sh SEE ALSO
.Xr pty 4

12
usr.sbin/bgpd/rtr_proto.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: rtr_proto.c,v 1.19 2023/10/19 13:14:19 claudio Exp $ */
/* $OpenBSD: rtr_proto.c,v 1.20 2023/12/27 12:00:30 claudio Exp $ */
/*
* Copyright (c) 2020 Claudio Jeker <claudio@openbsd.org>
@ -792,6 +792,7 @@ rtr_parse_error(struct rtr_session *rs, uint8_t *buf, size_t len)
uint8_t *msg;
char *str = NULL;
uint16_t errcode;
int rv = -1;
memcpy(&rh, buf, sizeof(rh));
buf += sizeof(struct rtr_header);
@ -832,13 +833,12 @@ rtr_parse_error(struct rtr_session *rs, uint8_t *buf, size_t len)
if (errcode == NO_DATA_AVAILABLE) {
rtr_fsm(rs, RTR_EVNT_NO_DATA);
free(str);
return 0;
}
if (errcode == UNSUPP_PROTOCOL_VERS)
rv = 0;
} else if (errcode == UNSUPP_PROTOCOL_VERS)
rtr_fsm(rs, RTR_EVNT_UNSUPP_PROTO_VERSION);
else
rtr_fsm(rs, RTR_EVNT_RESET_AND_CLOSE);
rs->last_recv_error = errcode;
if (str)
strlcpy(rs->last_recv_msg, str,
@ -848,7 +848,7 @@ rtr_parse_error(struct rtr_session *rs, uint8_t *buf, size_t len)
sizeof(rs->last_recv_msg));
free(str);
return -1;
return rv;
}
/*

14
usr.sbin/rpki-client/as.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: as.c,v 1.15 2023/10/18 07:10:24 tb Exp $ */
/* $OpenBSD: as.c,v 1.16 2023/12/27 07:15:55 tb Exp $ */
/*
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
*
@ -137,18 +137,18 @@ as_check_covered(uint32_t min, uint32_t max,
}
void
as_warn(const char *fn, const struct cert_as *cert, const char *msg)
as_warn(const char *fn, const char *msg, const struct cert_as *as)
{
switch (cert->type) {
switch (as->type) {
case CERT_AS_ID:
warnx("%s: AS %u: %s", fn, cert->id, msg);
warnx("%s: %s: AS %u", fn, msg, as->id);
break;
case CERT_AS_RANGE:
warnx("%s: AS range %u--%u: %s", fn, cert->range.min,
cert->range.max, msg);
warnx("%s: %s: AS range %u--%u", fn, msg, as->range.min,
as->range.max);
break;
case CERT_AS_INHERIT:
warnx("%s: AS (inherit): %s", fn, msg);
warnx("%s: %s: AS (inherit)", fn, msg);
break;
default:
warnx("%s: corrupt cert", fn);

7
usr.sbin/rpki-client/constraints.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: constraints.c,v 1.1 2023/10/13 12:06:49 job Exp $ */
/* $OpenBSD: constraints.c,v 1.2 2023/12/27 07:15:55 tb Exp $ */
/*
* Copyright (c) 2023 Job Snijders <job@openbsd.org>
* Copyright (c) 2023 Theo Buehler <tb@openbsd.org>
@ -578,7 +578,7 @@ constraints_validate(const char *fn, const struct cert *cert)
deny_as, deny_asz))
continue;
as_warn(fn, &cert->as[i], "violates trust anchor constraints");
as_warn(fn, "trust anchor constraints violation", &cert->as[i]);
return 0;
}
@ -592,7 +592,8 @@ constraints_validate(const char *fn, const struct cert *cert)
allow_ipsz, deny_ips, deny_ipsz))
continue;
ip_warn(fn, &cert->ips[i], "violates trust anchor constraints");
ip_warn(fn, "trust anchor constraints violation",
&cert->ips[i]);
return 0;
}

8
usr.sbin/rpki-client/extern.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: extern.h,v 1.196 2023/12/11 19:05:20 job Exp $ */
/* $OpenBSD: extern.h,v 1.197 2023/12/27 07:15:55 tb Exp $ */
/*
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
*
@ -710,8 +710,6 @@ int ip_addr_parse(const ASN1_BIT_STRING *,
enum afi, const char *, struct ip_addr *);
void ip_addr_print(const struct ip_addr *, enum afi, char *,
size_t);
void ip_addr_range_print(const struct ip_addr_range *, enum afi,
char *, size_t);
int ip_addr_cmp(const struct ip_addr *, const struct ip_addr *);
int ip_addr_check_overlap(const struct cert_ip *,
const char *, const struct cert_ip *, size_t, int);
@ -719,7 +717,7 @@ int ip_addr_check_covered(enum afi, const unsigned char *,
const unsigned char *, const struct cert_ip *, size_t);
int ip_cert_compose_ranges(struct cert_ip *);
void ip_roa_compose_ranges(struct roa_ip *);
void ip_warn(const char *, const struct cert_ip *, const char *);
void ip_warn(const char *, const char *, const struct cert_ip *);
int sbgp_addr(const char *, struct cert_ip *, size_t *,
enum afi, const ASN1_BIT_STRING *);
@ -736,7 +734,7 @@ int as_check_overlap(const struct cert_as *, const char *,
const struct cert_as *, size_t, int);
int as_check_covered(uint32_t, uint32_t,
const struct cert_as *, size_t);
void as_warn(const char *, const struct cert_as *, const char *);
void as_warn(const char *, const char *, const struct cert_as *);
int sbgp_as_id(const char *, struct cert_as *, size_t *,
const ASN1_INTEGER *);

37
usr.sbin/rpki-client/ip.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: ip.c,v 1.31 2023/10/18 07:10:24 tb Exp $ */
/* $OpenBSD: ip.c,v 1.32 2023/12/27 07:15:55 tb Exp $ */
/*
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
*
@ -154,8 +154,8 @@ ip_addr_check_overlap(const struct cert_ip *ip, const char *fn,
if (!quiet) {
warnx("%s: RFC 3779 section 2.2.3.5: "
"cannot have overlapping IP addresses", fn);
ip_warn(fn, ip, "certificate IP");
ip_warn(fn, &ips[i], "offending IP");
ip_warn(fn, "certificate IP", ip);
ip_warn(fn, "offending IP", &ips[i]);
}
return 0;
}
@ -246,10 +246,11 @@ ip_addr_print(const struct ip_addr *addr,
* Convert a ip_addr into a NUL-terminated range notation string.
* The size of the buffer must be at least 95 (inclusive).
*/
void
static void
ip_addr_range_print(const struct ip_addr_range *range,
enum afi afi, char *buf, size_t bufsz)
{
struct cert_ip ip;
char min[INET6_ADDRSTRLEN], max[INET6_ADDRSTRLEN];
int ret, af;
@ -264,9 +265,17 @@ ip_addr_range_print(const struct ip_addr_range *range,
errx(1, "unsupported address family identifier");
}
if (inet_ntop(af, &range->min, min, sizeof(min)) == NULL)
memset(&ip, 0, sizeof(ip));
ip.afi = afi;
ip.type = CERT_IP_RANGE;
ip.range = *range;
if (!ip_cert_compose_ranges(&ip))
errx(1, "failed to compose ranges");
if (inet_ntop(af, ip.min, min, sizeof(min)) == NULL)
err(1, "inet_ntop");
if (inet_ntop(af, &range->max, max, sizeof(max)) == NULL)
if (inet_ntop(af, ip.max, max, sizeof(max)) == NULL)
err(1, "inet_ntop");
ret = snprintf(buf, bufsz, "%s--%s", min, max);
@ -311,7 +320,7 @@ ip_cert_compose_ranges(struct cert_ip *p)
return 1;
}
sz = AFI_IPV4 == p->afi ? 4 : 16;
sz = p->afi == AFI_IPV4 ? 4 : 16;
return memcmp(p->min, p->max, sz) <= 0;
}
@ -333,21 +342,21 @@ ip_roa_compose_ranges(struct roa_ip *p)
}
void
ip_warn(const char *fn, const struct cert_ip *cert, const char *msg)
ip_warn(const char *fn, const char *msg, const struct cert_ip *ip)
{
char buf[128];
switch (cert->type) {
switch (ip->type) {
case CERT_IP_ADDR:
ip_addr_print(&cert->ip, cert->afi, buf, sizeof(buf));
warnx("%s: %s: %s", fn, buf, msg);
ip_addr_print(&ip->ip, ip->afi, buf, sizeof(buf));
warnx("%s: %s: %s", fn, msg, buf);
break;
case CERT_IP_RANGE:
ip_addr_range_print(&cert->range, cert->afi, buf, sizeof(buf));
warnx("%s: %s: %s", fn, buf, msg);
ip_addr_range_print(&ip->range, ip->afi, buf, sizeof(buf));
warnx("%s: %s: %s", fn, msg, buf);
break;
case CERT_IP_INHERIT:
warnx("%s: (inherit): %s", fn, msg);
warnx("%s: %s: IP (inherit)", fn, msg);
break;
default:
warnx("%s: corrupt cert", fn);

11
usr.sbin/rpki-client/rrdp_delta.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: rrdp_delta.c,v 1.10 2023/12/24 10:48:58 job Exp $ */
/* $OpenBSD: rrdp_delta.c,v 1.12 2023/12/27 07:17:39 tb Exp $ */
/*
* Copyright (c) 2020 Nils Fisher <nils_fisher@hotmail.com>
* Copyright (c) 2021 Claudio Jeker <claudio@openbsd.org>
@ -31,6 +31,7 @@
enum delta_scope {
DELTA_SCOPE_NONE,
DELTA_SCOPE_EMPTY_DELTA,
DELTA_SCOPE_DELTA,
DELTA_SCOPE_PUBLISH,
DELTA_SCOPE_END
@ -91,7 +92,7 @@ start_delta_elem(struct delta_xml *dxml, const char **attr)
if (dxml->current->serial != dxml->serial)
PARSE_FAIL(p, "parse failed - serial mismatch");
dxml->scope = DELTA_SCOPE_DELTA;
dxml->scope = DELTA_SCOPE_EMPTY_DELTA;
}
static void
@ -99,6 +100,8 @@ end_delta_elem(struct delta_xml *dxml)
{
XML_Parser p = dxml->parser;
if (dxml->scope == DELTA_SCOPE_EMPTY_DELTA)
PARSE_FAIL(p, "parse failed - empty delta");
if (dxml->scope != DELTA_SCOPE_DELTA)
PARSE_FAIL(p, "parse failed - exited delta "
"elem unexpectedely");
@ -114,7 +117,8 @@ start_publish_withdraw_elem(struct delta_xml *dxml, const char **attr,
int i, hasUri = 0, hasHash = 0;
enum publish_type pub = PUB_UPD;
if (dxml->scope != DELTA_SCOPE_DELTA)
if (dxml->scope != DELTA_SCOPE_EMPTY_DELTA &&
dxml->scope != DELTA_SCOPE_DELTA)
PARSE_FAIL(p, "parse failed - entered publish/withdraw "
"elem unexpectedely");
for (i = 0; attr[i]; i += 2) {
@ -263,6 +267,7 @@ free_delta_xml(struct delta_xml *dxml)
free(dxml);
}
/* Used in regress. */
void
log_delta_xml(struct delta_xml *dxml)
{

3
usr.sbin/rpki-client/rrdp_notification.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: rrdp_notification.c,v 1.18 2023/06/23 11:36:24 claudio Exp $ */
/* $OpenBSD: rrdp_notification.c,v 1.19 2023/12/27 07:17:39 tb Exp $ */
/*
* Copyright (c) 2020 Nils Fisher <nils_fisher@hotmail.com>
* Copyright (c) 2021 Claudio Jeker <claudio@openbsd.org>
@ -608,6 +608,7 @@ notification_delta_done(struct notification_xml *nxml)
return TAILQ_EMPTY(&nxml->delta_q);
}
/* Used in regress. */
void
log_notification_xml(struct notification_xml *nxml)
{

3
usr.sbin/rpki-client/rrdp_snapshot.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: rrdp_snapshot.c,v 1.7 2023/01/04 14:22:43 claudio Exp $ */
/* $OpenBSD: rrdp_snapshot.c,v 1.8 2023/12/27 07:17:39 tb Exp $ */
/*
* Copyright (c) 2020 Nils Fisher <nils_fisher@hotmail.com>
* Copyright (c) 2021 Claudio Jeker <claudio@openbsd.org>
@ -248,6 +248,7 @@ free_snapshot_xml(struct snapshot_xml *sxml)
free(sxml);
}
/* Used in regress. */
void
log_snapshot_xml(struct snapshot_xml *sxml)
{

65
usr.sbin/rpki-client/validate.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: validate.c,v 1.68 2023/10/19 17:05:55 job Exp $ */
/* $OpenBSD: validate.c,v 1.69 2023/12/27 07:15:55 tb Exp $ */
/*
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
*
@ -135,7 +135,6 @@ valid_cert(const char *fn, struct auth *a, const struct cert *cert)
{
size_t i;
uint32_t min, max;
char buf[128];
for (i = 0; i < cert->asz; i++) {
if (cert->as[i].type == CERT_AS_INHERIT)
@ -152,19 +151,7 @@ valid_cert(const char *fn, struct auth *a, const struct cert *cert)
if (valid_as(a, min, max))
continue;
switch (cert->as[i].type) {
case CERT_AS_ID:
warnx("%s: RFC 6487: uncovered AS: %u", fn, min);
break;
case CERT_AS_RANGE:
warnx("%s: RFC 6487: uncovered AS: %u--%u", fn,
min, max);
break;
case CERT_AS_INHERIT:
warnx("%s: RFC 6487: uncovered AS: (inherit)", fn);
break;
}
as_warn(fn, "RFC 6487: uncovered resource", &cert->as[i]);
return 0;
}
@ -176,22 +163,7 @@ valid_cert(const char *fn, struct auth *a, const struct cert *cert)
cert->ips[i].max))
continue;
switch (cert->ips[i].type) {
case CERT_IP_ADDR:
ip_addr_print(&cert->ips[i].ip,
cert->ips[i].afi, buf, sizeof(buf));
warnx("%s: RFC 6487: uncovered IP: %s", fn, buf);
break;
case CERT_IP_RANGE:
ip_addr_range_print(&cert->ips[i].range,
cert->ips[i].afi, buf, sizeof(buf));
warnx("%s: RFC 6487: uncovered IP: %s", fn, buf);
break;
case CERT_IP_INHERIT:
warnx("%s: RFC 6487: uncovered IP: (inherit)", fn);
break;
}
ip_warn(fn, "RFC 6487: uncovered resource", &cert->ips[i]);
return 0;
}
@ -473,7 +445,6 @@ valid_rsc(const char *fn, struct cert *cert, struct rsc *rsc)
{
size_t i;
uint32_t min, max;
char buf[128];
for (i = 0; i < rsc->asz; i++) {
if (rsc->as[i].type == CERT_AS_ID) {
@ -487,18 +458,7 @@ valid_rsc(const char *fn, struct cert *cert, struct rsc *rsc)
if (as_check_covered(min, max, cert->as, cert->asz) > 0)
continue;
switch (rsc->as[i].type) {
case CERT_AS_ID:
warnx("%s: RSC resourceBlock: uncovered AS: %u", fn,
min);
break;
case CERT_AS_RANGE:
warnx("%s: RSC resourceBlock: uncovered AS: %u--%u",
fn, min, max);
break;
default:
break;
}
as_warn(fn, "RSC ResourceBlock uncovered", &rsc->as[i]);
return 0;
}
@ -507,22 +467,7 @@ valid_rsc(const char *fn, struct cert *cert, struct rsc *rsc)
rsc->ips[i].max, cert->ips, cert->ipsz) > 0)
continue;
switch (rsc->ips[i].type) {
case CERT_IP_ADDR:
ip_addr_print(&rsc->ips[i].ip, rsc->ips[i].afi, buf,
sizeof(buf));
warnx("%s: RSC ResourceBlock: uncovered IP: %s", fn,
buf);
break;
case CERT_IP_RANGE:
ip_addr_range_print(&rsc->ips[i].range, rsc->ips[i].afi,
buf, sizeof(buf));
warnx("%s: RSC ResourceBlock: uncovered IP: %s", fn,
buf);
break;
default:
break;
}
ip_warn(fn, "RSC ResourceBlock uncovered", &rsc->ips[i]);
return 0;
}

20
usr.sbin/smtpd/table.5
View File

@ -1,4 +1,4 @@
.\" $OpenBSD: table.5,v 1.12 2021/02/13 08:05:57 jmc Exp $
.\" $OpenBSD: table.5,v 1.13 2023/12/27 11:29:56 op Exp $
.\"
.\" Copyright (c) 2013 Eric Faurot <eric@openbsd.org>
.\" Copyright (c) 2013 Gilles Chehade <gilles@poolp.org>
@ -16,7 +16,7 @@
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.\"
.Dd $Mdocdate: February 13 2021 $
.Dd $Mdocdate: December 27 2023 $
.Dt TABLE 5
.Os
.Sh NAME
@ -42,9 +42,6 @@ table mymapping { key1 = value1, key2 = value2, key3 = value3 }
When using a
.Ql file
table, a list will be written with each value on a line by itself.
Comments can be put anywhere in the file using a hash mark
.Pq Sq # ,
and extend to the end of the current line.
.Bd -literal -offset indent
value1
value2
@ -52,13 +49,22 @@ value3
.Ed
.Pp
A mapping will be written with each key and value on a line,
whitespaces separating both columns:
whitespace and an optional colon separating both columns:
.Bd -literal -offset indent
key1 value1
key1: value1
key2 value2
key3 value3
.Ed
.Pp
Blank lines, leading and trailing spaces and tabs are ignored.
Lines whose first non-space character is a hash mark
.Pq Sq #
are comments and are ignored.
To force the parsing of a file table as a list rather than a mapping, use
this special comment:
.Pp
.Dl # @list
.Pp
A file table can be converted to a Berkeley database using the
.Xr makemap 8
utility with no syntax change.