SecBSD/src
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

sync with OpenBSD -current

Browse Source
This commit is contained in:
purplerain 2024-05-30 15:25:45 +00:00
parent 222e583e28
commit 2d58860211
Signed by: purplerain
GPG Key ID: F42C07F07E2E35B7
41 changed files with 532 additions and 277 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
lib/libcrypto/asn1/a_object.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: a_object.c,v 1.51 2023/07/05 21:23:36 beck Exp $ */
/* $OpenBSD: a_object.c,v 1.54 2024/05/29 16:14:38 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -615,23 +615,34 @@ c2i_ASN1_OBJECT(ASN1_OBJECT **out_aobj, const unsigned char **pp, long len)
int
i2d_ASN1_OBJECT(const ASN1_OBJECT *a, unsigned char **pp)
{
unsigned char *p;
unsigned char *buf, *p;
int objsize;
if ((a == NULL) || (a->data == NULL))
return (0);
if (a == NULL || a->data == NULL)
return -1;
objsize = ASN1_object_size(0, a->length, V_ASN1_OBJECT);
if (pp == NULL)
return objsize;
p = *pp;
if ((buf = *pp) == NULL)
buf = calloc(1, objsize);
if (buf == NULL)
return -1;
p = buf;
ASN1_put_object(&p, 0, a->length, V_ASN1_OBJECT, V_ASN1_UNIVERSAL);
memcpy(p, a->data, a->length);
p += a->length;
/* If buf was allocated, return it, otherwise return the advanced p. */
if (*pp == NULL)
p = buf;
*pp = p;
return (objsize);
return objsize;
}
LCRYPTO_ALIAS(i2d_ASN1_OBJECT);

14
share/man/man4/qwx.4
View File

@ -1,4 +1,4 @@
.\" $OpenBSD: qwx.4,v 1.4 2024/02/21 21:31:02 stsp Exp $
.\" $OpenBSD: qwx.4,v 1.5 2024/05/29 09:04:12 stsp Exp $
.\"
.\" Copyright (c) 2022 Martin Pieuchot <mpi@openbsd.org>
.\" Copyright (c) 2024 Stefan Sperling <stsp@openbsd.org>
@ -15,7 +15,7 @@
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.Dd $Mdocdate: February 21 2024 $
.Dd $Mdocdate: May 29 2024 $
.Dt QWX 4
.Os
.Sh NAME
@ -88,3 +88,13 @@ The
.Nm
driver first appeared in
.Ox 7.5 .
.Sh CAVEATS
The
.Nm
driver does not support any of the 802.11n, 802.11ac, and 802.11ax
capabilities offered by the hardware.
.Sh BUGS
Broadcast and Multicast frames are only received on networks which
do not use encryption or which use WPA2 with group cipher CCMP.
This prevents ARP and IPv6 from working correcly on other types of
networks.

8
sys/arch/amd64/amd64/acpi_machdep.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: acpi_machdep.c,v 1.109 2024/05/26 13:37:31 kettenis Exp $ */
/* $OpenBSD: acpi_machdep.c,v 1.110 2024/05/29 12:21:33 kettenis Exp $ */
/*
* Copyright (c) 2005 Thorsten Lockert <tholo@sigmasoft.com>
*
@ -377,6 +377,9 @@ acpi_attach_machdep(struct acpi_softc *sc)
int
acpi_sleep_cpu(struct acpi_softc *sc, int state)
{
if (state == ACPI_STATE_S0)
return cpu_suspend_primary();
rtcstop();
#if NLAPIC > 0
lapic_disable();
@ -458,6 +461,9 @@ acpi_sleep_cpu(struct acpi_softc *sc, int state)
void
acpi_resume_cpu(struct acpi_softc *sc, int state)
{
if (state == ACPI_STATE_S0)
return;
cpu_init_msrs(&cpu_info_primary);
cpu_fix_msrs(&cpu_info_primary);

51
sys/arch/amd64/amd64/cpu.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: cpu.c,v 1.188 2024/05/14 01:42:07 guenther Exp $ */
/* $OpenBSD: cpu.c,v 1.189 2024/05/29 12:21:33 kettenis Exp $ */
/* $NetBSD: cpu.c,v 1.1 2003/04/26 18:39:26 fvdl Exp $ */
/*-
@ -1461,3 +1461,52 @@ wbinvd_on_all_cpus(void)
return 0;
}
#endif
int cpu_suspended;
#ifdef SUSPEND
void
cpu_suspend_cycle(void)
{
cpu_idle_cycle_fcn();
}
int
cpu_suspend_primary(void)
{
struct cpu_info *ci = curcpu();
int count = 0;
printf("suspend\n");
/* Mask clock interrupts. */
local_pic.pic_hwmask(&local_pic, 0);
/*
* All non-wakeup interrupts should be masked at this point;
* re-enable interrupts such that wakeup interrupts actually
* wake us up. Set a flag such that drivers can tell we're
* suspended and change their behaviour accordingly. They can
* wake us up by clearing the flag.
*/
cpu_suspended = 1;
ci->ci_ilevel = IPL_NONE;
intr_enable();
while (cpu_suspended) {
cpu_suspend_cycle();
count++;
}
intr_disable();
ci->ci_ilevel = IPL_HIGH;
/* Unmask clock interrupts. */
local_pic.pic_hwunmask(&local_pic, 0);
printf("resume %d\n", count);
return 0;
}
#endif

12
sys/arch/amd64/amd64/intr.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: intr.c,v 1.57 2024/05/26 13:37:31 kettenis Exp $ */
/* $OpenBSD: intr.c,v 1.58 2024/05/29 12:21:33 kettenis Exp $ */
/* $NetBSD: intr.c,v 1.3 2003/03/03 22:16:20 fvdl Exp $ */
/*
@ -524,12 +524,22 @@ intr_disestablish(struct intrhand *ih)
int
intr_handler(struct intrframe *frame, struct intrhand *ih)
{
extern int cpu_suspended;
struct cpu_info *ci = curcpu();
int floor;
int rc;
#ifdef MULTIPROCESSOR
int need_lock;
#endif
/*
* We may not be able to mask MSIs, so block non-wakeup
* interrupts while we're suspended.
*/
if (cpu_suspended && (ih->ih_flags & IPL_WAKEUP) == 0)
return 0;
#ifdef MULTIPROCESSOR
if (ih->ih_flags & IPL_MPSAFE)
need_lock = 0;
else

4
sys/arch/amd64/include/cpu.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: cpu.h,v 1.170 2024/05/21 23:16:06 jsg Exp $ */
/* $OpenBSD: cpu.h,v 1.171 2024/05/29 12:21:33 kettenis Exp $ */
/* $NetBSD: cpu.h,v 1.1 2003/04/26 18:39:39 fvdl Exp $ */
/*-
@ -401,6 +401,8 @@ extern int cpu_meltdown;
extern u_int cpu_mwait_size;
extern u_int cpu_mwait_states;
int cpu_suspend_primary(void);
/* cacheinfo.c */
void x86_print_cacheinfo(struct cpu_info *);

6
sys/arch/arm64/arm64/cpu.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: cpu.c,v 1.116 2024/05/27 06:20:59 kettenis Exp $ */
/* $OpenBSD: cpu.c,v 1.117 2024/05/29 15:32:06 jsg Exp $ */
/*
* Copyright (c) 2016 Dale Rahn <drahn@dalerahn.com>
@ -87,6 +87,8 @@
#define CPU_PART_CORTEX_A720 0xd81
#define CPU_PART_CORTEX_X4 0xd82
#define CPU_PART_NEOVERSE_V3 0xd84
#define CPU_PART_CORTEX_X925 0xd85
#define CPU_PART_CORTEX_A725 0xd87
#define CPU_PART_CORTEX_A520AE 0xd88
#define CPU_PART_CORTEX_A720AE 0xd89
#define CPU_PART_NEOVERSE_N3 0xd8e
@ -159,11 +161,13 @@ struct cpu_cores cpu_cores_arm[] = {
{ CPU_PART_CORTEX_A715, "Cortex-A715" },
{ CPU_PART_CORTEX_A720, "Cortex-A720" },
{ CPU_PART_CORTEX_A720AE, "Cortex-A720AE" },
{ CPU_PART_CORTEX_A725, "Cortex-A725" },
{ CPU_PART_CORTEX_X1, "Cortex-X1" },
{ CPU_PART_CORTEX_X1C, "Cortex-X1C" },
{ CPU_PART_CORTEX_X2, "Cortex-X2" },
{ CPU_PART_CORTEX_X3, "Cortex-X3" },
{ CPU_PART_CORTEX_X4, "Cortex-X4" },
{ CPU_PART_CORTEX_X925, "Cortex-X925" },
{ CPU_PART_NEOVERSE_E1, "Neoverse E1" },
{ CPU_PART_NEOVERSE_N1, "Neoverse N1" },
{ CPU_PART_NEOVERSE_N2, "Neoverse N2" },

4
sys/arch/i386/i386/cpu.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: cpu.c,v 1.114 2023/10/24 13:20:10 claudio Exp $ */
/* $OpenBSD: cpu.c,v 1.115 2024/05/29 12:21:33 kettenis Exp $ */
/* $NetBSD: cpu.c,v 1.1.2.7 2000/06/26 02:04:05 sommerfeld Exp $ */
/*-
@ -925,3 +925,5 @@ wbinvd_on_all_cpus(void)
return 0;
}
#endif
int cpu_suspended;

5
sys/conf/files
View File

@ -1,4 +1,4 @@
# $OpenBSD: files,v 1.731 2024/04/10 13:59:05 naddy Exp $
# $OpenBSD: files,v 1.732 2024/05/29 13:56:49 mglocker Exp $
# $NetBSD: files,v 1.87 1996/05/19 17:17:50 jonathan Exp $
# @(#)files.newconf 7.5 (Berkeley) 5/10/93
@ -551,8 +551,7 @@ device qciic: i2cbus
# UFS HC
device ufshci: scsi
#device ufshci
file dev/ic/ufshci.c ufshci
file dev/ic/ufshci.c ufshci needs-flag
# legitimate pseudo-devices
pseudo-device vnd: disk

6
sys/dev/acpi/acpi.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: acpi.c,v 1.428 2024/05/13 19:56:37 kettenis Exp $ */
/* $OpenBSD: acpi.c,v 1.429 2024/05/29 12:21:33 kettenis Exp $ */
/*
* Copyright (c) 2005 Thorsten Lockert <tholo@sigmasoft.com>
* Copyright (c) 2005 Jordan Hargrave <jordan@openbsd.org>
@ -2085,6 +2085,7 @@ acpi_powerdown_task(void *arg0, int dummy)
int
acpi_interrupt(void *arg)
{
extern int cpu_suspended;
struct acpi_softc *sc = (struct acpi_softc *)arg;
uint32_t processed = 0, idx, jdx;
uint16_t sts, en;
@ -2137,6 +2138,9 @@ acpi_interrupt(void *arg)
ACPI_PM1_PWRBTN_STS);
sts &= ~ACPI_PM1_PWRBTN_STS;
if (cpu_suspended)
cpu_suspended = 0;
acpi_addtask(sc, acpi_pbtn_task, sc, 0);
}
if (sts & ACPI_PM1_SLPBTN_STS) {

36
sys/dev/acpi/acpi_x86.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: acpi_x86.c,v 1.20 2024/05/28 09:40:40 kettenis Exp $ */
/* $OpenBSD: acpi_x86.c,v 1.21 2024/05/29 12:21:33 kettenis Exp $ */
/*
* Copyright (c) 2005 Thorsten Lockert <tholo@sigmasoft.com>
* Copyright (c) 2005 Jordan Hargrave <jordan@openbsd.org>
@ -31,13 +31,18 @@ int
sleep_showstate(void *v, int sleepmode)
{
struct acpi_softc *sc = v;
int fallback_state = -1;
switch (sleepmode) {
case SLEEP_SUSPEND:
sc->sc_state = ACPI_STATE_S3;
#ifdef __amd64__
fallback_state = ACPI_STATE_S0; /* No S3, use S0 */
#endif
break;
case SLEEP_HIBERNATE:
sc->sc_state = ACPI_STATE_S4;
fallback_state = ACPI_STATE_S5; /* No S4, use S5 */
break;
default:
return (EOPNOTSUPP);
@ -45,10 +50,10 @@ sleep_showstate(void *v, int sleepmode)
if (sc->sc_sleeptype[sc->sc_state].slp_typa == -1 ||
sc->sc_sleeptype[sc->sc_state].slp_typb == -1) {
if (sc->sc_state == ACPI_STATE_S4) {
sc->sc_state = ACPI_STATE_S5; /* No S4, use S5 */
printf("%s: S4 unavailable, using S5\n",
sc->sc_dev.dv_xname);
if (fallback_state != -1) {
printf("%s: S%d unavailable, using S%d\n",
sc->sc_dev.dv_xname, sc->sc_state, fallback_state);
sc->sc_state = fallback_state;
} else {
printf("%s: state S%d unavailable\n",
sc->sc_dev.dv_xname, sc->sc_state);
@ -57,8 +62,10 @@ sleep_showstate(void *v, int sleepmode)
}
/* 1st suspend AML step: _TTS(tostate) */
if (aml_node_setval(sc, sc->sc_tts, sc->sc_state) != 0)
return (EINVAL);
if (sc->sc_state != ACPI_STATE_S0) {
if (aml_node_setval(sc, sc->sc_tts, sc->sc_state) != 0)
return (EINVAL);
}
acpi_indicator(sc, ACPI_SST_WAKING); /* blink */
return 0;
}
@ -69,8 +76,10 @@ sleep_setstate(void *v)
struct acpi_softc *sc = v;
/* 2nd suspend AML step: _PTS(tostate) */
if (aml_node_setval(sc, sc->sc_pts, sc->sc_state) != 0)
return (EINVAL);
if (sc->sc_state != ACPI_STATE_S0) {
if (aml_node_setval(sc, sc->sc_pts, sc->sc_state) != 0)
return (EINVAL);
}
acpi_indicator(sc, ACPI_SST_WAKING); /* blink */
return 0;
}
@ -85,7 +94,8 @@ gosleep(void *v)
acpi_indicator(sc, ACPI_SST_SLEEPING);
/* 3rd suspend AML step: _GTS(tostate) */
aml_node_setval(sc, sc->sc_gts, sc->sc_state);
if (sc->sc_state != ACPI_STATE_S0)
aml_node_setval(sc, sc->sc_gts, sc->sc_state);
/* Clear fixed event status */
acpi_write_pmreg(sc, ACPIREG_PM1_STS, 0, ACPI_PM1_ALL_STS);
@ -110,8 +120,10 @@ sleep_resume(void *v)
acpibtn_disable_psw(); /* disable _LID for wakeup */
/* 3rd resume AML step: _TTS(runstate) */
if (aml_node_setval(sc, sc->sc_tts, ACPI_STATE_S0) != 0)
return (EINVAL);
if (sc->sc_state != ACPI_STATE_S0) {
if (aml_node_setval(sc, sc->sc_tts, ACPI_STATE_S0) != 0)
return (EINVAL);
}
acpi_indicator(sc, ACPI_SST_WAKING); /* blink */
return 0;
}

5
sys/dev/acpi/tpm.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: tpm.c,v 1.19 2024/05/13 01:15:50 jsg Exp $ */
/* $OpenBSD: tpm.c,v 1.20 2024/05/29 12:21:33 kettenis Exp $ */
/*
* Minimal interface to Trusted Platform Module chips implementing the
@ -376,6 +376,9 @@ tpm_suspend(struct tpm_softc *sc)
uint8_t *command;
size_t commandlen;
if (sc->sc_acpi->sc_state == ACPI_STATE_S0)
return 0;
DPRINTF(("%s: saving state preparing for suspend\n",
sc->sc_dev.dv_xname));

4
sys/dev/ic/acxvar.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: acxvar.h,v 1.19 2008/07/21 04:12:21 kevlo Exp $ */
/* $OpenBSD: acxvar.h,v 1.20 2024/05/29 01:11:53 jsg Exp $ */
/*
* Copyright (c) 2006 Jonathan Gray <jsg@openbsd.org>
@ -469,8 +469,6 @@ struct acx_softc {
#define ACX_RADIO_RSSI_RADIA 78 /* 78db */
#define ACX_RADIO_RSSI_UNKN 0 /* unknown radio */
extern const struct ieee80211_rateset acx_rates_11b;
extern const struct ieee80211_rateset acx_rates_11g;
extern int acx_beacon_intvl;
void acx100_set_param(struct acx_softc *);

8
sys/dev/ic/aic79xx.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: aic79xx.h,v 1.30 2022/10/21 17:45:40 kn Exp $ */
/* $OpenBSD: aic79xx.h,v 1.31 2024/05/29 00:48:15 jsg Exp $ */
/*
* Copyright (c) 2004 Milos Urbanek, Kenneth R. Westerback & Marco Peereboom
@ -1329,8 +1329,6 @@ void ahd_unbusy_tcl(struct ahd_softc *ahd, u_int tcl);
/***************************** PCI Front End *********************************/
const struct ahd_pci_identity * ahd_find_pci_device(pcireg_t, pcireg_t);
int ahd_pci_config(struct ahd_softc *,
struct ahd_pci_identity *);
int ahd_pci_test_register_access(struct ahd_softc *);
/************************** SCB and SCB queue management **********************/
@ -1405,10 +1403,6 @@ int ahd_search_qinfifo(struct ahd_softc *ahd, int target,
char channel, int lun, u_int tag,
role_t role, uint32_t status,
ahd_search_action action);
int ahd_search_disc_list(struct ahd_softc *ahd, int target,
char channel, int lun, u_int tag,
int stop_on_first, int remove,
int save_state);
void ahd_freeze_devq(struct ahd_softc *ahd, struct scb *scb);
int ahd_reset_channel(struct ahd_softc *ahd, char channel,
int initiate_reset);

9
sys/dev/ic/aic79xx_openbsd.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: aic79xx_openbsd.h,v 1.21 2020/07/28 21:33:14 krw Exp $ */
/* $OpenBSD: aic79xx_openbsd.h,v 1.22 2024/05/29 00:48:15 jsg Exp $ */
/*
* Copyright (c) 2004 Milos Urbanek, Kenneth R. Westerback & Marco Peereboom
@ -232,9 +232,6 @@ void aic_platform_scb_free(struct ahd_softc *, struct scb *);
#define aic_get_pci_function(pci) ((pci)->pa_function)
#define aic_get_pci_slot(pci) ((pci)->pa_device)
#define aic_get_pci_bus(pci) ((pci)->pa_bus)
int ahd_pci_map_registers(struct ahd_softc *);
int ahd_pci_map_int(struct ahd_softc *);
/*#endif*/
typedef enum
@ -245,15 +242,11 @@ typedef enum
AHD_POWER_STATE_D3
} ahd_power_state;
void ahd_power_state_change(struct ahd_softc *, ahd_power_state);
/********************************* Debug **************************************/
void ahd_print_path(struct ahd_softc *, struct scb *);
void ahd_platform_dump_card_state(struct ahd_softc *ahd);
/**************************** Transfer Settings *******************************/
void ahd_notify_xfer_settings_change(struct ahd_softc *,
struct ahd_devinfo *);
void ahd_platform_set_tags(struct ahd_softc *, struct ahd_devinfo *,
ahd_queue_alg);

10
sys/dev/ic/aic7xxx_openbsd.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: aic7xxx_openbsd.h,v 1.31 2020/08/13 12:11:15 krw Exp $ */
/* $OpenBSD: aic7xxx_openbsd.h,v 1.32 2024/05/29 00:48:15 jsg Exp $ */
/* $NetBSD: aic7xxx_osm.h,v 1.7 2003/11/02 11:07:44 wiz Exp $ */
/*
@ -357,10 +357,6 @@ typedef enum
void ahc_power_state_change(struct ahc_softc *, ahc_power_state);
#endif
/******************************** VL/EISA *************************************/
int aic7770_map_registers(struct ahc_softc *, u_int);
int aic7770_map_int(struct ahc_softc *, int);
/********************************* Debug **************************************/
static __inline void ahc_print_path(struct ahc_softc *, struct scb *);
static __inline void ahc_platform_dump_card_state(struct ahc_softc *);
@ -379,15 +375,11 @@ ahc_platform_dump_card_state(struct ahc_softc *ahc)
ahc->features, ahc->flags, ahc->chip, ahc->bugs);
}
/**************************** Transfer Settings *******************************/
void ahc_notify_xfer_settings_change(struct ahc_softc *,
struct ahc_devinfo *);
void ahc_platform_set_tags(struct ahc_softc *, struct ahc_devinfo *, int);
/************************* Initialization/Teardown ****************************/
int ahc_map_int(struct ahc_softc *);
int ahc_attach(struct ahc_softc *);
int ahc_softc_comp(struct ahc_softc *, struct ahc_softc *);
int ahc_detach(struct device *, int);
/****************************** Interrupts ************************************/
int ahc_platform_intr(void *);

20
sys/dev/ic/aic7xxxvar.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: aic7xxxvar.h,v 1.38 2022/10/21 17:45:40 kn Exp $ */
/* $OpenBSD: aic7xxxvar.h,v 1.40 2024/05/29 01:11:53 jsg Exp $ */
/*
* Core definitions and data structures shareable across OS platforms.
*
@ -38,7 +38,7 @@
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGES.
*
* $Id: aic7xxxvar.h,v 1.38 2022/10/21 17:45:40 kn Exp $
* $Id: aic7xxxvar.h,v 1.40 2024/05/29 01:11:53 jsg Exp $
*
* $FreeBSD: src/sys/dev/aic7xxx/aic7xxx.h,v 1.50 2003/12/17 00:02:09 gibbs Exp $
*/
@ -1164,15 +1164,6 @@ struct ahc_pci_identity {
extern const struct ahc_pci_identity ahc_pci_ident_table[];
/***************************** VL/EISA Declarations ***************************/
struct aic7770_identity {
uint32_t full_id;
uint32_t id_mask;
const char *name;
ahc_device_setup_t *setup;
};
extern struct aic7770_identity aic7770_ident_table[];
extern const int ahc_num_aic7770_devs;
#define AHC_EISA_SLOT_OFFSET 0xc00
#define AHC_EISA_IOSIZE 0x100
@ -1184,15 +1175,8 @@ void ahc_busy_tcl(struct ahc_softc *, u_int, u_int);
/***************************** PCI Front End *********************************/
const struct ahc_pci_identity *ahc_find_pci_device(pcireg_t, pcireg_t, u_int);
int ahc_pci_config(struct ahc_softc *,
struct ahc_pci_identity *);
int ahc_pci_test_register_access(struct ahc_softc *);
/*************************** EISA/VL Front End ********************************/
struct aic7770_identity *aic7770_find_device(uint32_t);
int aic7770_config(struct ahc_softc *,
struct aic7770_identity *, u_int);
/************************** SCB and SCB queue management **********************/
int ahc_probe_scbs(struct ahc_softc *);
void ahc_run_untagged_queues(struct ahc_softc *ahc);

3
sys/dev/ic/comvar.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: comvar.h,v 1.60 2024/05/12 08:42:13 jsg Exp $ */
/* $OpenBSD: comvar.h,v 1.61 2024/05/29 00:48:15 jsg Exp $ */
/* $NetBSD: comvar.h,v 1.5 1996/05/05 19:50:47 christos Exp $ */
/*
@ -147,7 +147,6 @@ void com_resume(struct com_softc *);
void comdiag(void *);
int comspeed(long, long);
u_char com_cflag2lcr(tcflag_t); /* XXX undefined */
int comparam(struct tty *, struct termios *);
void comstart(struct tty *);
void comsoft(void *);

3
sys/dev/ic/dp8390var.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: dp8390var.h,v 1.13 2022/01/09 05:42:38 jsg Exp $ */
/* $OpenBSD: dp8390var.h,v 1.14 2024/05/29 00:48:15 jsg Exp $ */
/* $NetBSD: dp8390var.h,v 1.8 1998/08/12 07:19:09 scottr Exp $ */
/*
@ -173,4 +173,3 @@ void dp8390_rint(struct dp8390_softc *);
void dp8390_getmcaf(struct arpcom *, u_int8_t *);
struct mbuf *dp8390_get(struct dp8390_softc *, int, u_short);
void dp8390_read(struct dp8390_softc *, int, u_short);

125
sys/dev/ic/qwx.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: qwx.c,v 1.61 2024/05/28 13:02:45 jsg Exp $ */
/* $OpenBSD: qwx.c,v 1.62 2024/05/29 07:24:26 stsp Exp $ */
/*
* Copyright 2023 Stefan Sperling <stsp@openbsd.org>
@ -157,6 +157,7 @@ int qwx_wmi_vdev_install_key(struct qwx_softc *,
struct wmi_vdev_install_key_arg *, uint8_t);
int qwx_dp_peer_rx_pn_replay_config(struct qwx_softc *, struct qwx_vif *,
struct ieee80211_node *, struct ieee80211_key *, int);
void qwx_setkey_clear(struct qwx_softc *);
int qwx_scan(struct qwx_softc *);
void qwx_scan_abort(struct qwx_softc *);
@ -183,7 +184,45 @@ qwx_init(struct ifnet *ifp)
struct ieee80211com *ic = &sc->sc_ic;
sc->fw_mode = ATH11K_FIRMWARE_MODE_NORMAL;
sc->crypto_mode = ATH11K_CRYPT_MODE_HW;
/*
* There are several known hardware/software crypto issues
* on wcn6855 devices, firmware 0x1106196e. It is unclear
* if these are driver or firmware bugs.
*
* 1) Broadcast/Multicast frames will only be received on
* encrypted networks if hardware crypto is used and a
* CCMP group key is used. Otherwise such frames never
* even trigger an interrupt. This breaks ARP and IPv6.
* This issue is known to affect the Linux ath11k vendor
* driver when software crypto mode is selected.
* Workaround: Use hardware crypto on WPA2 networks.
* However, even with hardware crypto broadcast frames
* are never received if TKIP is used as the WPA2 group
* cipher and we have no workaround for this.
*
* 2) Adding WEP keys for hardware crypto crashes the firmware.
* Presumably, lack of WEP support is deliberate because the
* Linux ath11k vendor driver rejects attempts to install
* WEP keys to hardware.
* Workaround: Use software crypto if WEP is enabled.
* This suffers from the broadcast issues mentioned above.
*
* 3) A WPA1 group key handshake message from the AP is never
* received if hardware crypto is used.
* Workaround: Use software crypto if WPA1 is enabled.
* This suffers from the broadcast issues mentioned above,
* even on WPA2 networks when WPA1 and WPA2 are both enabled.
* On OpenBSD, WPA1 is disabled by default.
*
* The only known fully working configurations are unencrypted
* networks, and WPA2/CCMP-only networks provided WPA1 remains
* disabled.
*/
if ((ic->ic_flags & IEEE80211_F_WEPON) ||
(ic->ic_rsnprotos & IEEE80211_PROTO_WPA))
sc->crypto_mode = ATH11K_CRYPT_MODE_SW;
else
sc->crypto_mode = ATH11K_CRYPT_MODE_HW;
sc->frame_mode = ATH11K_HW_TXRX_NATIVE_WIFI;
ic->ic_state = IEEE80211_S_INIT;
sc->ns_nstate = IEEE80211_S_INIT;
@ -291,6 +330,8 @@ qwx_stop(struct ifnet *ifp)
qwx_del_task(sc, systq, &sc->setkey_task);
refcnt_finalize(&sc->task_refs, "qwxstop");
qwx_setkey_clear(sc);
clear_bit(ATH11K_FLAG_CRASH_FLUSH, sc->sc_flags);
ifp->if_timer = sc->sc_tx_timer = 0;
@ -529,8 +570,8 @@ qwx_set_key(struct ieee80211com *ic, struct ieee80211_node *ni,
struct qwx_softc *sc = ic->ic_softc;
if (test_bit(ATH11K_FLAG_HW_CRYPTO_DISABLED, sc->sc_flags) ||
(k->k_cipher != IEEE80211_CIPHER_CCMP &&
k->k_cipher != IEEE80211_CIPHER_TKIP))
k->k_cipher == IEEE80211_CIPHER_WEP40 ||
k->k_cipher == IEEE80211_CIPHER_WEP104)
return ieee80211_set_key(ic, ni, k);
return qwx_queue_setkey_cmd(ic, ni, k, QWX_ADD_KEY);
@ -543,8 +584,8 @@ qwx_delete_key(struct ieee80211com *ic, struct ieee80211_node *ni,
struct qwx_softc *sc = ic->ic_softc;
if (test_bit(ATH11K_FLAG_HW_CRYPTO_DISABLED, sc->sc_flags) ||
(k->k_cipher != IEEE80211_CIPHER_CCMP &&
k->k_cipher != IEEE80211_CIPHER_TKIP)) {
k->k_cipher == IEEE80211_CIPHER_WEP40 ||
k->k_cipher == IEEE80211_CIPHER_WEP104) {
ieee80211_delete_key(ic, ni, k);
return;
}
@ -757,6 +798,24 @@ qwx_setkey_task(void *arg)
splx(s);
}
void
qwx_setkey_clear(struct qwx_softc *sc)
{
struct ieee80211com *ic = &sc->sc_ic;
struct qwx_setkey_task_arg *a;
while (sc->setkey_nkeys > 0) {
a = &sc->setkey_arg[sc->setkey_tail];
ieee80211_release_node(ic, a->ni);
a->ni = NULL;
sc->setkey_tail = (sc->setkey_tail + 1) %
nitems(sc->setkey_arg);
sc->setkey_nkeys--;
}
memset(sc->setkey_arg, 0, sizeof(sc->setkey_arg));
sc->setkey_cur = sc->setkey_tail = sc->setkey_nkeys = 0;
}
int
qwx_newstate(struct ieee80211com *ic, enum ieee80211_state nstate, int arg)
{
@ -773,21 +832,11 @@ qwx_newstate(struct ieee80211com *ic, enum ieee80211_state nstate, int arg)
nstate != IEEE80211_S_AUTH)
return 0;
if (ic->ic_state == IEEE80211_S_RUN) {
struct qwx_setkey_task_arg *a;
#if 0
qwx_del_task(sc, systq, &sc->ba_task);
#endif
qwx_del_task(sc, systq, &sc->setkey_task);
while (sc->setkey_nkeys > 0) {
a = &sc->setkey_arg[sc->setkey_tail];
ieee80211_release_node(ic, a->ni);
a->ni = NULL;
sc->setkey_tail = (sc->setkey_tail + 1) %
nitems(sc->setkey_arg);
sc->setkey_nkeys--;
}
memset(sc->setkey_arg, 0, sizeof(sc->setkey_arg));
sc->setkey_cur = sc->setkey_tail = sc->setkey_nkeys = 0;
qwx_setkey_clear(sc);
#if 0
qwx_del_task(sc, systq, &sc->bgscan_done_task);
#endif
@ -16021,13 +16070,15 @@ qwx_dp_rx_h_reo_err(struct qwx_softc *sc, struct qwx_rx_msdu *msdu,
int
qwx_dp_rx_h_rxdma_err(struct qwx_softc *sc, struct qwx_rx_msdu *msdu)
{
struct ieee80211com *ic = &sc->sc_ic;
int drop = 0;
#if 0
ar->ab->soc_stats.rxdma_error[rxcb->err_code]++;
#endif
switch (msdu->err_code) {
case HAL_REO_ENTR_RING_RXDMA_ECODE_TKIP_MIC_ERR:
drop = 1; /* OpenBSD uses TKIP in software crypto mode only */
ic->ic_stats.is_rx_locmicfail++;
drop = 1;
break;
default:
/* TODO: Review other rxdma error code to check if anything is
@ -24193,7 +24244,7 @@ qwx_dp_tx(struct qwx_softc *sc, struct qwx_vif *arvif, uint8_t pdev_id,
void *hal_tcl_desc;
uint8_t pool_id;
uint8_t hal_ring_id;
int ret, msdu_id;
int ret, msdu_id, off;
uint32_t ring_selector = 0;
uint8_t ring_map = 0;
@ -24238,22 +24289,34 @@ qwx_dp_tx(struct qwx_softc *sc, struct qwx_vif *arvif, uint8_t pdev_id,
if ((wh->i_fc[1] & IEEE80211_FC1_PROTECTED) &&
ti.encap_type == HAL_TCL_ENCAP_TYPE_RAW) {
k = ieee80211_get_txkey(ic, wh, ni);
switch (k->k_cipher) {
case IEEE80211_CIPHER_CCMP:
ti.encrypt_type = HAL_ENCRYPT_TYPE_CCMP_128;
m->m_pkthdr.len += IEEE80211_CCMP_MICLEN;
break;
case IEEE80211_CIPHER_TKIP:
ti.encrypt_type = HAL_ENCRYPT_TYPE_TKIP_MIC;
m->m_pkthdr.len += IEEE80211_TKIP_MICLEN;
break;
default:
/* Fallback to software crypto for other ciphers. */
if (test_bit(ATH11K_FLAG_HW_CRYPTO_DISABLED, sc->sc_flags)) {
ti.encrypt_type = HAL_ENCRYPT_TYPE_OPEN;
break;
} else {
switch (k->k_cipher) {
case IEEE80211_CIPHER_CCMP:
ti.encrypt_type = HAL_ENCRYPT_TYPE_CCMP_128;
if (m_makespace(m, m->m_pkthdr.len,
IEEE80211_CCMP_MICLEN, &off) == NULL) {
m_freem(m);
return ENOSPC;
}
break;
case IEEE80211_CIPHER_TKIP:
ti.encrypt_type = HAL_ENCRYPT_TYPE_TKIP_MIC;
if (m_makespace(m, m->m_pkthdr.len,
IEEE80211_TKIP_MICLEN, &off) == NULL) {
m_freem(m);
return ENOSPC;
}
break;
default:
ti.encrypt_type = HAL_ENCRYPT_TYPE_OPEN;
break;
}
}
if (ti.encrypt_type == HAL_ENCRYPT_TYPE_OPEN) {
/* Using software crypto. */
if ((m = ieee80211_encrypt(ic, m, k)) == NULL)
return ENOBUFS;
/* 802.11 header may have moved. */

4
sys/dev/ic/stivar.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: stivar.h,v 1.27 2021/05/01 20:04:33 kettenis Exp $ */
/* $OpenBSD: stivar.h,v 1.28 2024/05/29 00:48:15 jsg Exp $ */
/*
* Copyright (c) 2000-2003 Michael Shalayeff
@ -138,8 +138,6 @@ struct sti_softc {
int sti_attach_common(struct sti_softc *, bus_space_tag_t, bus_space_tag_t,
bus_space_handle_t, u_int);
int sti_cnattach(struct sti_rom *, struct sti_screen *, bus_space_tag_t,
bus_addr_t *, u_int);
void sti_describe(struct sti_softc *);
void sti_end_attach(void *);
u_int sti_rom_size(bus_space_tag_t, bus_space_handle_t);

3
sys/dev/ic/ufshcivar.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: ufshcivar.h,v 1.8 2024/05/24 09:51:14 mglocker Exp $ */
/* $OpenBSD: ufshcivar.h,v 1.9 2024/05/29 00:48:15 jsg Exp $ */
/*
* Copyright (c) 2022 Marcus Glocker <mglocker@openbsd.org>
@ -82,6 +82,5 @@ struct ufshci_softc {
};
int ufshci_intr(void *);
void ufshci_attach_hook(struct device *); /* XXX: Only for testing */
int ufshci_attach(struct ufshci_softc *);
int ufshci_activate(struct ufshci_softc *, int);

3
sys/dev/ic/wdcvar.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: wdcvar.h,v 1.57 2022/01/09 05:42:42 jsg Exp $ */
/* $OpenBSD: wdcvar.h,v 1.58 2024/05/29 00:48:15 jsg Exp $ */
/* $NetBSD: wdcvar.h,v 1.17 1999/04/11 20:50:29 bouyer Exp $ */
/*-
@ -305,7 +305,6 @@ void wdc_delref(struct channel_softc *);
void wdc_disable_intr(struct channel_softc *);
void wdc_enable_intr(struct channel_softc *);
int wdc_select_drive(struct channel_softc *, int, int);
void wdc_set_drive(struct channel_softc *, int drive);
void wdc_output_bytes(struct ata_drive_datas *drvp, void *, unsigned int);
void wdc_input_bytes(struct ata_drive_datas *drvp, void *, unsigned int);

3
sys/dev/isa/gusvar.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: gusvar.h,v 1.13 2022/11/02 10:41:34 kn Exp $ */
/* $OpenBSD: gusvar.h,v 1.14 2024/05/29 00:48:14 jsg Exp $ */
/* $NetBSD: gus.c,v 1.51 1998/01/25 23:48:06 mycroft Exp $ */
/*-
@ -310,7 +310,6 @@ void gusmax_close(void *);
int gusintr(void *);
int gus_set_in_gain(caddr_t, u_int, u_char);
int gus_get_in_gain(caddr_t);
int gus_set_out_gain(caddr_t, u_int, u_char);
int gus_get_out_gain(caddr_t);
int gus_set_params(void *, int, int, struct audio_params *, struct audio_params *);
int gusmax_set_params(void *, int, int, struct audio_params *, struct audio_params *);

12
sys/dev/usb/if_athn_usb.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: if_athn_usb.c,v 1.66 2024/05/23 03:21:08 jsg Exp $ */
/* $OpenBSD: if_athn_usb.c,v 1.67 2024/05/29 07:27:33 stsp Exp $ */
/*-
* Copyright (c) 2011 Damien Bergamini <damien.bergamini@free.fr>
@ -1640,6 +1640,11 @@ athn_usb_set_key(struct ieee80211com *ic, struct ieee80211_node *ni,
(IFF_UP | IFF_RUNNING))
return (0);
if (k->k_cipher != IEEE80211_CIPHER_CCMP) {
/* Use software crypto for ciphers other than CCMP. */
return ieee80211_set_key(ic, ni, k);
}
/* Do it in a process context. */
cmd.ni = (ni != NULL) ? ieee80211_ref_node(ni) : NULL;
cmd.key = k;
@ -1682,6 +1687,11 @@ athn_usb_delete_key(struct ieee80211com *ic, struct ieee80211_node *ni,
ic->ic_state != IEEE80211_S_RUN)
return; /* Nothing to do. */
if (k->k_cipher != IEEE80211_CIPHER_CCMP) {
ieee80211_delete_key(ic, ni, k);
return;
}
/* Do it in a process context. */
cmd.ni = (ni != NULL) ? ieee80211_ref_node(ni) : NULL;
cmd.key = k;

3
sys/dev/usb/usbdevs
View File

@ -1,4 +1,4 @@
$OpenBSD: usbdevs,v 1.765 2024/05/23 08:06:22 kevlo Exp $
$OpenBSD: usbdevs,v 1.766 2024/05/29 06:48:43 jsg Exp $
/* $NetBSD: usbdevs,v 1.322 2003/05/10 17:47:14 hamajima Exp $ */
/*
@ -1023,6 +1023,7 @@ product APPLE IPHONE_4S 0x12a0 iPhone 4S
product APPLE IPHONE_6 0x12a8 iPhone 6
product APPLE ETHERNET 0x1402 Ethernet A1277
product APPLE BLUETOOTH2 0x8205 Bluetooth
product APPLE BLUETOOTH3 0x8207 Bluetooth
product APPLE BLUETOOTH 0x8300 Bluetooth
product APPLE ISIGHT_1 0x8501 iSight
product APPLE ISIGHT 0x8502 iSight

5
sys/dev/usb/usbdevs.h
View File

@ -1,10 +1,10 @@
/* $OpenBSD: usbdevs.h,v 1.777 2024/05/23 08:06:45 kevlo Exp $ */
/* $OpenBSD: usbdevs.h,v 1.778 2024/05/29 06:49:38 jsg Exp $ */
/*
* THIS FILE IS AUTOMATICALLY GENERATED. DO NOT EDIT.
*
* generated from:
* OpenBSD: usbdevs,v 1.765 2024/05/23 08:06:22 kevlo Exp
* OpenBSD: usbdevs,v 1.766 2024/05/29 06:48:43 jsg Exp
*/
/* $NetBSD: usbdevs,v 1.322 2003/05/10 17:47:14 hamajima Exp $ */
@ -1030,6 +1030,7 @@
#define USB_PRODUCT_APPLE_IPHONE_6 0x12a8 /* iPhone 6 */
#define USB_PRODUCT_APPLE_ETHERNET 0x1402 /* Ethernet A1277 */
#define USB_PRODUCT_APPLE_BLUETOOTH2 0x8205 /* Bluetooth */
#define USB_PRODUCT_APPLE_BLUETOOTH3 0x8207 /* Bluetooth */
#define USB_PRODUCT_APPLE_BLUETOOTH 0x8300 /* Bluetooth */
#define USB_PRODUCT_APPLE_ISIGHT_1 0x8501 /* iSight */
#define USB_PRODUCT_APPLE_ISIGHT 0x8502 /* iSight */

8
sys/dev/usb/usbdevs_data.h
View File

@ -1,10 +1,10 @@
/* $OpenBSD: usbdevs_data.h,v 1.771 2024/05/23 08:06:45 kevlo Exp $ */
/* $OpenBSD: usbdevs_data.h,v 1.772 2024/05/29 06:49:38 jsg Exp $ */
/*
* THIS FILE IS AUTOMATICALLY GENERATED. DO NOT EDIT.
*
* generated from:
* OpenBSD: usbdevs,v 1.765 2024/05/23 08:06:22 kevlo Exp
* OpenBSD: usbdevs,v 1.766 2024/05/29 06:48:43 jsg Exp
*/
/* $NetBSD: usbdevs,v 1.322 2003/05/10 17:47:14 hamajima Exp $ */
@ -1001,6 +1001,10 @@ const struct usb_known_product usb_known_products[] = {
USB_VENDOR_APPLE, USB_PRODUCT_APPLE_BLUETOOTH2,
"Bluetooth",
},
{
USB_VENDOR_APPLE, USB_PRODUCT_APPLE_BLUETOOTH3,
"Bluetooth",
},
{
USB_VENDOR_APPLE, USB_PRODUCT_APPLE_BLUETOOTH,
"Bluetooth",

4
sys/dev/wscons/wsmux.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: wsmux.c,v 1.57 2024/03/25 13:01:49 mvs Exp $ */
/* $OpenBSD: wsmux.c,v 1.58 2024/05/29 06:39:13 jsg Exp $ */
/* $NetBSD: wsmux.c,v 1.37 2005/04/30 03:47:12 augustss Exp $ */
/*
@ -216,7 +216,7 @@ wsmuxopen(dev_t dev, int flags, int mode, struct proc *p)
error = wsmux_do_open(sc, evar);
if (error)
wsevent_fini(evar);
wsevent_fini(evar);
return (error);
}

3
sys/net/pipex_local.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: pipex_local.h,v 1.51 2024/01/23 17:57:21 mvs Exp $ */
/* $OpenBSD: pipex_local.h,v 1.52 2024/05/29 00:48:15 jsg Exp $ */
/*
* Copyright (c) 2009 Internet Initiative Japan Inc.
@ -468,7 +468,6 @@ struct mbuf *ip_is_idle_packet (struct mbuf *, int *);
void pipex_session_log (struct pipex_session *, int, const char *, ...) __attribute__((__format__(__printf__,3,4)));
uint32_t pipex_sockaddr_hash_key(struct sockaddr *);
int pipex_sockaddr_compar_addr(struct sockaddr *, struct sockaddr *);
int pipex_ppp_enqueue (struct mbuf *, struct pipex_session *, struct mbuf_queue *);
void pipex_timer_start (void);
void pipex_timer_stop (void);
void pipex_timer (void *);

4
sys/net80211/ieee80211_proto.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: ieee80211_proto.h,v 1.48 2022/03/14 15:07:24 stsp Exp $ */
/* $OpenBSD: ieee80211_proto.h,v 1.49 2024/05/29 00:48:15 jsg Exp $ */
/* $NetBSD: ieee80211_proto.h,v 1.3 2003/10/13 04:23:56 dyoung Exp $ */
/*-
@ -119,8 +119,6 @@ extern u_int8_t *ieee80211_add_capinfo(u_int8_t *, struct ieee80211com *,
extern u_int8_t *ieee80211_add_ssid(u_int8_t *, const u_int8_t *, u_int);
extern u_int8_t *ieee80211_add_rates(u_int8_t *,
const struct ieee80211_rateset *);
extern u_int8_t *ieee80211_add_fh_params(u_int8_t *, struct ieee80211com *,
const struct ieee80211_node *);
extern u_int8_t *ieee80211_add_ds_params(u_int8_t *, struct ieee80211com *,
const struct ieee80211_node *);
extern u_int8_t *ieee80211_add_tim(u_int8_t *, struct ieee80211com *);

3
usr.sbin/bgpd/rde.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: rde.h,v 1.302 2024/05/22 08:41:14 claudio Exp $ */
/* $OpenBSD: rde.h,v 1.303 2024/05/29 10:36:32 claudio Exp $ */
/*
* Copyright (c) 2003, 2004 Claudio Jeker <claudio@openbsd.org> and
@ -680,7 +680,6 @@ void nexthop_update(struct kroute_nexthop *);
struct nexthop *nexthop_get(struct bgpd_addr *);
struct nexthop *nexthop_ref(struct nexthop *);
int nexthop_unref(struct nexthop *);
int nexthop_compare(struct nexthop *, struct nexthop *);
/* rde_update.c */
void up_generate_updates(struct rde_peer *, struct rib_entry *);

13
usr.sbin/bgpd/rde_rib.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: rde_rib.c,v 1.261 2023/10/16 10:25:46 claudio Exp $ */
/* $OpenBSD: rde_rib.c,v 1.262 2024/05/29 10:34:56 claudio Exp $ */
/*
* Copyright (c) 2003, 2004 Claudio Jeker <claudio@openbsd.org>
@ -1644,7 +1644,10 @@ TAILQ_HEAD(nexthop_queue, nexthop) nexthop_runners =
RB_HEAD(nexthop_tree, nexthop) nexthoptable =
RB_INITIALIZER(&nexthoptree);
RB_GENERATE_STATIC(nexthop_tree, nexthop, entry, nexthop_compare);
static inline int nexthop_cmp(struct nexthop *, struct nexthop *);
RB_GENERATE_STATIC(nexthop_tree, nexthop, entry, nexthop_cmp);
void
nexthop_shutdown(void)
@ -1834,7 +1837,7 @@ nexthop_get(struct bgpd_addr *nexthop)
if (nh == NULL) {
nh = calloc(1, sizeof(*nh));
if (nh == NULL)
fatal("nexthop_alloc");
fatal("nexthop_get");
rdemem.nexthop_cnt++;
LIST_INIT(&nh->prefix_h);
@ -1882,8 +1885,8 @@ nexthop_unref(struct nexthop *nh)
return (1);
}
int
nexthop_compare(struct nexthop *na, struct nexthop *nb)
static inline int
nexthop_cmp(struct nexthop *na, struct nexthop *nb)
{
struct bgpd_addr *a, *b;

22
usr.sbin/bgpd/rde_update.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: rde_update.c,v 1.166 2024/01/23 16:13:35 claudio Exp $ */
/* $OpenBSD: rde_update.c,v 1.167 2024/05/29 10:41:12 claudio Exp $ */
/*
* Copyright (c) 2004 Claudio Jeker <claudio@openbsd.org>
@ -454,16 +454,18 @@ up_generate_default(struct rde_peer *peer, uint8_t aid)
static struct bgpd_addr *
up_get_nexthop(struct rde_peer *peer, struct filterstate *state, uint8_t aid)
{
struct bgpd_addr *peer_local;
struct bgpd_addr *peer_local = NULL;
switch (aid) {
case AID_INET:
case AID_VPN_IPv4:
peer_local = &peer->local_v4_addr;
if (peer->local_v4_addr.aid == AID_INET)
peer_local = &peer->local_v4_addr;
break;
case AID_INET6:
case AID_VPN_IPv6:
peer_local = &peer->local_v6_addr;
if (peer->local_v4_addr.aid == AID_INET6)
peer_local = &peer->local_v6_addr;
break;
case AID_FLOWSPECv4:
case AID_FLOWSPECv6:
@ -613,6 +615,8 @@ up_generate_attr(struct ibuf *buf, struct rde_peer *peer,
case ATTR_NEXTHOP:
switch (aid) {
case AID_INET:
if (nh == NULL)
return -1;
if (attr_writebuf(buf, ATTR_WELL_KNOWN,
ATTR_NEXTHOP, &nh->exit_nexthop.v4,
sizeof(nh->exit_nexthop.v4)) == -1)
@ -889,6 +893,8 @@ up_generate_mp_reach(struct ibuf *buf, struct rde_peer *peer,
switch (aid) {
case AID_INET6:
if (nh == NULL)
return -1;
/* NH LEN */
if (ibuf_add_n8(buf, sizeof(struct in6_addr)) == -1)
return -1;
@ -898,6 +904,8 @@ up_generate_mp_reach(struct ibuf *buf, struct rde_peer *peer,
return -1;
break;
case AID_VPN_IPv4:
if (nh == NULL)
return -1;
/* NH LEN */
if (ibuf_add_n8(buf,
sizeof(uint64_t) + sizeof(struct in_addr)) == -1)
@ -911,6 +919,8 @@ up_generate_mp_reach(struct ibuf *buf, struct rde_peer *peer,
return -1;
break;
case AID_VPN_IPv6:
if (nh == NULL)
return -1;
/* NH LEN */
if (ibuf_add_n8(buf,
sizeof(uint64_t) + sizeof(struct in6_addr)) == -1)
@ -1091,10 +1101,10 @@ up_dump_update(struct ibuf *buf, struct rde_peer *peer, uint8_t aid)
fail:
/* Not enough space. Drop prefix, it will never fit. */
pt_getaddr(p->pt, &addr);
log_peer_warnx(&peer->conf, "path attributes to large, "
log_peer_warnx(&peer->conf, "dump of path attributes failed, "
"prefix %s/%d dropped", log_addr(&addr), p->pt->prefixlen);
up_prefix_free(&peer->updates[AID_INET], p, peer, 0);
up_prefix_free(&peer->updates[aid], p, peer, 0);
/* XXX should probably send a withdraw for this prefix */
return -1;
}

7
usr.sbin/bgpd/session.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: session.c,v 1.478 2024/05/22 08:41:14 claudio Exp $ */
/* $OpenBSD: session.c,v 1.479 2024/05/29 10:38:24 claudio Exp $ */
/*
* Copyright (c) 2003, 2004, 2005 Henning Brauer <henning@openbsd.org>
@ -2559,6 +2559,7 @@ parse_capabilities(struct peer *peer, struct ibuf *buf, uint32_t *as)
"Received multi protocol capability: "
" unknown AFI %u, safi %u pair",
afi, safi);
peer->capa.peer.mp[AID_UNSPEC] = 1;
break;
}
peer->capa.peer.mp[aid] = 1;
@ -2715,12 +2716,14 @@ capa_neg_calc(struct peer *p)
(p->capa.ann.as4byte && p->capa.peer.as4byte) != 0;
/* MP: both side must agree on the AFI,SAFI pair */
if (p->capa.peer.mp[AID_UNSPEC])
hasmp = 1;
for (i = AID_MIN; i < AID_MAX; i++) {
if (p->capa.ann.mp[i] && p->capa.peer.mp[i])
p->capa.neg.mp[i] = 1;
else
p->capa.neg.mp[i] = 0;
if (p->capa.ann.mp[i])
if (p->capa.ann.mp[i] || p->capa.peer.mp[i])
hasmp = 1;
}
/* if no MP capability present default to IPv4 unicast mode */

12
usr.sbin/bgpd/util.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: util.c,v 1.85 2024/03/22 15:41:34 claudio Exp $ */
/* $OpenBSD: util.c,v 1.86 2024/05/29 10:34:07 claudio Exp $ */
/*
* Copyright (c) 2006 Claudio Jeker <claudio@openbsd.org>
@ -98,13 +98,15 @@ log_in6addr(const struct in6_addr *addr)
const char *
log_sockaddr(struct sockaddr *sa, socklen_t len)
{
static char buf[NI_MAXHOST];
static char buf[4][NI_MAXHOST];
static int bufidx;
if (sa == NULL || getnameinfo(sa, len, buf, sizeof(buf), NULL, 0,
NI_NUMERICHOST))
bufidx = (bufidx + 1) % 4;
if (sa == NULL || getnameinfo(sa, len, buf[bufidx], sizeof(buf[0]),
NULL, 0, NI_NUMERICHOST))
return ("(unknown)");
else
return (buf);
return (buf[bufidx]);
}
const char *

154
usr.sbin/rpki-client/crl.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: crl.c,v 1.34 2024/04/21 19:27:44 claudio Exp $ */
/* $OpenBSD: crl.c,v 1.35 2024/05/29 13:26:24 tb Exp $ */
/*
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
*
@ -24,6 +24,142 @@
#include "extern.h"
/*
* Check that the CRL number extension is present and that it is non-critical.
* Otherwise ignore it per draft-spaghetti-sidrops-rpki-crl-numbers.
*/
static int
crl_has_crl_number(const char *fn, const X509_CRL *x509_crl)
{
const X509_EXTENSION *ext;
int idx;
if ((idx = X509_CRL_get_ext_by_NID(x509_crl, NID_crl_number, -1)) < 0) {
warnx("%s: RFC 6487, section 5: missing CRL number", fn);
return 0;
}
if ((ext = X509_CRL_get_ext(x509_crl, idx)) == NULL) {
warnx("%s: RFC 6487, section 5: failed to get CRL number", fn);
return 0;
}
if (X509_EXTENSION_get_critical(ext) != 0) {
warnx("%s: RFC 6487, section 5: CRL number not non-critical",
fn);
return 0;
}
return 1;
}
/*
* Parse X509v3 authority key identifier (AKI) from the CRL.
* Returns the AKI or NULL if it could not be parsed.
* The AKI is formatted as a hex string.
*/
static char *
crl_get_aki(const char *fn, X509_CRL *x509_crl)
{
AUTHORITY_KEYID *akid = NULL;
ASN1_OCTET_STRING *os;
const unsigned char *d;
int dsz, crit;
char *res = NULL;
if ((akid = X509_CRL_get_ext_d2i(x509_crl, NID_authority_key_identifier,
&crit, NULL)) == NULL) {
if (crit != -1)
warnx("%s: RFC 6487 section 4.8.3: AKI: "
"failed to parse CRL extension", fn);
else
warnx("%s: RFC 6487 section 4.8.3: AKI: "
"CRL extension missing", fn);
goto out;
}
if (crit != 0) {
warnx("%s: RFC 6487 section 4.8.3: "
"AKI: extension not non-critical", fn);
goto out;
}
if (akid->issuer != NULL || akid->serial != NULL) {
warnx("%s: RFC 6487 section 4.8.3: AKI: "
"authorityCertIssuer or authorityCertSerialNumber present",
fn);
goto out;
}
os = akid->keyid;
if (os == NULL) {
warnx("%s: RFC 6487 section 4.8.3: AKI: "
"Key Identifier missing", fn);
goto out;
}
d = os->data;
dsz = os->length;
if (dsz != SHA_DIGEST_LENGTH) {
warnx("%s: RFC 6487 section 4.8.3: AKI: "
"want %d bytes SHA1 hash, have %d bytes",
fn, SHA_DIGEST_LENGTH, dsz);
goto out;
}
res = hex_encode(d, dsz);
out:
AUTHORITY_KEYID_free(akid);
return res;
}
/*
* Check that the list of revoked certificates contains only the specified
* two fields, Serial Number and Revocation Date, and that no extensions are
* present.
*/
static int
crl_check_revoked(const char *fn, X509_CRL *x509_crl)
{
STACK_OF(X509_REVOKED) *list;
X509_REVOKED *revoked;
int count, i;
/* If there are no revoked certificates, there's nothing to check. */
if ((list = X509_CRL_get_REVOKED(x509_crl)) == NULL)
return 1;
if ((count = sk_X509_REVOKED_num(list)) <= 0) {
/*
* XXX - as of May 2024, ~15% of RPKI CRLs fail this check due
* to a bug in rpki-rs/Krill. So silently accept this for now.
* https://github.com/NLnetLabs/krill/issues/1197
*/
if (verbose > 0)
warnx("%s: RFC 5280, section 5.1.2.6: revoked "
"certificate list without entries disallowed", fn);
return 1;
}
for (i = 0; i < count; i++) {
revoked = sk_X509_REVOKED_value(list, i);
/*
* serialNumber and revocationDate are mandatory in the ASN.1
* template, so no need to check their presence.
*
* XXX - due to an old bug in Krill, we can't enforce that
* revocationDate is in the past until at least mid-2025:
* https://github.com/NLnetLabs/krill/issues/788.
*/
if (X509_REVOKED_get0_extensions(revoked) != NULL) {
warnx("%s: RFC 6487, section 5: CRL entry extensions "
"disallowed", fn);
return 0;
}
}
return 1;
}
struct crl *
crl_parse(const char *fn, const unsigned char *der, size_t len)
{
@ -76,19 +212,15 @@ crl_parse(const char *fn, const unsigned char *der, size_t len)
* RFC 6487, section 5: AKI and crlNumber MUST be present, no other
* CRL extensions are allowed.
*/
if ((crl->aki = x509_crl_get_aki(crl->x509_crl, fn)) == NULL) {
warnx("%s: x509_crl_get_aki failed", fn);
goto out;
}
if ((crl->number = x509_crl_get_number(crl->x509_crl, fn)) == NULL) {
warnx("%s: x509_crl_get_number failed", fn);
goto out;
}
if ((count = X509_CRL_get_ext_count(crl->x509_crl)) != 2) {
warnx("%s: RFC 6487 section 5: unexpected number of extensions "
"%d != 2", fn, count);
goto out;
}
if (!crl_has_crl_number(fn, crl->x509_crl))
goto out;
if ((crl->aki = crl_get_aki(fn, crl->x509_crl)) == NULL)
goto out;
at = X509_CRL_get0_lastUpdate(crl->x509_crl);
if (at == NULL) {
@ -110,6 +242,9 @@ crl_parse(const char *fn, const unsigned char *der, size_t len)
goto out;
}
if (!crl_check_revoked(fn, crl->x509_crl))
goto out;
rc = 1;
out:
if (rc == 0) {
@ -178,7 +313,6 @@ crl_free(struct crl *crl)
return;
free(crl->aki);
free(crl->mftpath);
free(crl->number);
X509_CRL_free(crl->x509_crl);
free(crl);
}

5
usr.sbin/rpki-client/extern.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: extern.h,v 1.218 2024/05/20 15:51:43 claudio Exp $ */
/* $OpenBSD: extern.h,v 1.219 2024/05/29 13:26:24 tb Exp $ */
/*
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
*
@ -480,7 +480,6 @@ struct crl {
RB_ENTRY(crl) entry;
char *aki;
char *mftpath;
char *number;
X509_CRL *x509_crl;
time_t thisupdate; /* do not use before */
time_t nextupdate; /* do not use after */
@ -909,8 +908,6 @@ int x509_get_ski(X509 *, const char *, char **);
int x509_get_notbefore(X509 *, const char *, time_t *);
int x509_get_notafter(X509 *, const char *, time_t *);
int x509_get_crl(X509 *, const char *, char **);
char *x509_crl_get_aki(X509_CRL *, const char *);
char *x509_crl_get_number(X509_CRL *, const char *);
char *x509_get_pubkey(X509 *, const char *);
char *x509_pubkey_get_ski(X509_PUBKEY *, const char *);
enum cert_purpose x509_get_purpose(X509 *, const char *);

65
usr.sbin/rpki-client/print.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: print.c,v 1.52 2024/02/26 10:02:37 job Exp $ */
/* $OpenBSD: print.c,v 1.53 2024/05/29 13:26:24 tb Exp $ */
/*
* Copyright (c) 2021 Claudio Jeker <claudio@openbsd.org>
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
@ -324,6 +324,48 @@ cert_print(const struct cert *p)
json_do_end();
}
/*
* XXX - dedup with x509_convert_seqnum()?
*/
static char *
crl_parse_number(const X509_CRL *x509_crl)
{
ASN1_INTEGER *aint = NULL;
int crit;
BIGNUM *seqnum = NULL;
char *s = NULL;
aint = X509_CRL_get_ext_d2i(x509_crl, NID_crl_number, &crit, NULL);
if (aint == NULL) {
if (crit != -1)
warnx("failed to parse CRL Number");
else
warnx("CRL Number missing");
goto out;
}
if (ASN1_STRING_length(aint) > 20)
warnx("CRL Number should fit in 20 octets");
seqnum = ASN1_INTEGER_to_BN(aint, NULL);
if (seqnum == NULL) {
warnx("CRL Number: ASN1_INTEGER_to_BN error");
goto out;
}
if (BN_is_negative(seqnum))
warnx("CRL Number should be positive");
s = BN_bn2hex(seqnum);
if (s == NULL)
warnx("CRL Number: BN_bn2hex error");
out:
ASN1_INTEGER_free(aint);
BN_free(seqnum);
return s;
}
void
crl_print(const struct crl *p)
{
@ -342,13 +384,20 @@ crl_print(const struct crl *p)
xissuer = X509_CRL_get_issuer(p->x509_crl);
issuer = X509_NAME_oneline(xissuer, NULL, 0);
if (issuer != NULL && p->number != NULL) {
if (outformats & FORMAT_JSON) {
json_do_string("crl_issuer", issuer);
json_do_string("crl_serial", p->number);
} else {
printf("CRL issuer: %s\n", issuer);
printf("CRL serial number: %s\n", p->number);
if (issuer != NULL) {
char *number;
if ((number = crl_parse_number(p->x509_crl)) != NULL) {
if (outformats & FORMAT_JSON) {
json_do_string("crl_issuer", issuer);
json_do_string("crl_serial", number);
} else {
printf("CRL issuer: %s\n",
issuer);
printf("CRL serial number: %s\n",
number);
}
free(number);
}
}
free(issuer);

29
usr.sbin/rpki-client/rpki-client.8
View File

@ -1,4 +1,4 @@
.\" $OpenBSD: rpki-client.8,v 1.104 2024/05/24 12:57:20 tb Exp $
.\" $OpenBSD: rpki-client.8,v 1.105 2024/05/29 13:27:52 tb Exp $
.\"
.\" Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
.\"
@ -14,7 +14,7 @@
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.Dd $Mdocdate: May 24 2024 $
.Dd $Mdocdate: May 29 2024 $
.Dt RPKI-CLIENT 8
.Os
.Sh NAME
@ -362,11 +362,6 @@ agreement regarding ARIN service restrictions.
.Re
.Pp
.Rs
.%T The Profile for Algorithms and Key Sizes for Use in the Resource Public Key Infrastructure (RPKI)
.%R RFC 6485
.Re
.Pp
.Rs
.%T A Profile for X.509 PKIX Resource Certificates
.%R RFC 6487
.Re
@ -377,17 +372,17 @@ agreement regarding ARIN service restrictions.
.Re
.Pp
.Rs
.%T The Resource Public Key Infrastructure (RPKI) Ghostbusters Record
.%T The RPKI Ghostbusters Record
.%R RFC 6493
.Re
.Pp
.Rs
.%T Policy Qualifiers in Resource Public Key Infrastructure (RPKI) Certificates
.%T Policy Qualifiers in RPKI Certificates
.%R RFC 7318
.Re
.Pp
.Rs
.%T The Profile for Algorithms and Key Sizes for Use in the Resource Public Key Infrastructure
.%T The Profile for Algorithms and Key Sizes for Use in the RPKI
.%R RFC 7935
.Re
.Pp
@ -402,7 +397,7 @@ agreement regarding ARIN service restrictions.
.Re
.Pp
.Rs
.%T Resource Public Key Infrastructure (RPKI) Trust Anchor Locator
.%T RPKI Trust Anchor Locator
.%R RFC 8630
.Re
.Pp
@ -412,7 +407,7 @@ agreement regarding ARIN service restrictions.
.Re
.Pp
.Rs
.%T Manifests for the Resource Public Key Infrastructure (RPKI)
.%T Manifests for the RPKI
.%R RFC 9286
.Re
.Pp
@ -422,7 +417,7 @@ agreement regarding ARIN service restrictions.
.Re
.Pp
.Rs
.%T On the use of the Cryptographic Message Syntax (CMS) Signing-Time Attribute in Resource Public Key Infrastructure (RPKI) Signed Objects
.%T On the use of the CMS Signing-Time Attribute in RPKI Signed Objects
.%R RFC 9589
.Re
.Pp
@ -456,10 +451,16 @@ agreement regarding ARIN service restrictions.
.Re
.Pp
.Rs
.%T A profile for Signed Prefix Lists for Use in the Resource Public Key Infrastructure (RPKI)
.%T A profile for Signed Prefix Lists for Use in the RPKI
.%U https://datatracker.ietf.org/doc/html/draft-ietf-sidrops-rpki-prefixlist-02
.%D Jan, 2024
.Re
.Pp
.Rs
.%T Relying Party Handling of RPKI CRL Number Extensions
.%U https://datatracker.ietf.org/doc/html/draft-spaghetti-sidrops-rpki-crl-numbers
.%D May, 2024
.Re
.Sh HISTORY
.Nm
first appeared in

91
usr.sbin/rpki-client/x509.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: x509.c,v 1.87 2024/04/21 09:03:22 job Exp $ */
/* $OpenBSD: x509.c,v 1.88 2024/05/29 13:26:24 tb Exp $ */
/*
* Copyright (c) 2022 Theo Buehler <tb@openbsd.org>
* Copyright (c) 2021 Claudio Jeker <claudio@openbsd.org>
@ -786,92 +786,6 @@ x509_get_crl(X509 *x, const char *fn, char **crl)
return rsync_found;
}
/*
* Parse X509v3 authority key identifier (AKI) from the CRL.
* This is matched against the string from x509_get_ski() above.
* Returns the AKI or NULL if it could not be parsed.
* The AKI is formatted as a hex string.
*/
char *
x509_crl_get_aki(X509_CRL *crl, const char *fn)
{
const unsigned char *d;
AUTHORITY_KEYID *akid;
ASN1_OCTET_STRING *os;
int dsz, crit;
char *res = NULL;
akid = X509_CRL_get_ext_d2i(crl, NID_authority_key_identifier, &crit,
NULL);
if (akid == NULL) {
warnx("%s: RFC 6487 section 4.8.3: AKI: extension missing", fn);
return NULL;
}
if (crit != 0) {
warnx("%s: RFC 6487 section 4.8.3: "
"AKI: extension not non-critical", fn);
goto out;
}
if (akid->issuer != NULL || akid->serial != NULL) {
warnx("%s: RFC 6487 section 4.8.3: AKI: "
"authorityCertIssuer or authorityCertSerialNumber present",
fn);
goto out;
}
os = akid->keyid;
if (os == NULL) {
warnx("%s: RFC 6487 section 4.8.3: AKI: "
"Key Identifier missing", fn);
goto out;
}
d = os->data;
dsz = os->length;
if (dsz != SHA_DIGEST_LENGTH) {
warnx("%s: RFC 6487 section 4.8.2: AKI: "
"want %d bytes SHA1 hash, have %d bytes",
fn, SHA_DIGEST_LENGTH, dsz);
goto out;
}
res = hex_encode(d, dsz);
out:
AUTHORITY_KEYID_free(akid);
return res;
}
/*
* Retrieve CRL Number extension. Returns a printable hexadecimal representation
* of the number which has to be freed after use.
*/
char *
x509_crl_get_number(X509_CRL *crl, const char *fn)
{
ASN1_INTEGER *aint;
int crit;
char *res = NULL;
aint = X509_CRL_get_ext_d2i(crl, NID_crl_number, &crit, NULL);
if (aint == NULL) {
warnx("%s: RFC 6487 section 5: CRL Number missing", fn);
return NULL;
}
if (crit != 0) {
warnx("%s: RFC 5280, section 5.2.3: "
"CRL Number not non-critical", fn);
goto out;
}
/* This checks that the number is non-negative and <= 20 bytes. */
res = x509_convert_seqnum(fn, aint);
out:
ASN1_INTEGER_free(aint);
return res;
}
/*
* Convert passed ASN1_TIME to time_t *t.
* Returns 1 on success and 0 on failure.
@ -1008,7 +922,8 @@ x509_valid_subject(const char *fn, const X509 *x)
}
/*
* Convert an ASN1_INTEGER into a hexstring.
* Convert an ASN1_INTEGER into a hexstring, enforcing that it is non-negative
* and representable by at most 20 octets (RFC 5280, section 4.1.2.2).
* Returned string needs to be freed by the caller.
*/
char *