SecBSD
/
src
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

sync

This commit is contained in:
purplerain 2023-06-14 16:38:06 +00:00
parent bfc16459ac
commit 482636fd24
Signed by: purplerain
GPG Key ID: F42C07F07E2E35B7
12 changed files with 89 additions and 93 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
lib/libcrypto/asn1/asn1_item.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: asn1_item.c,v 1.6 2022/11/26 16:08:50 tb Exp $ */
/* $OpenBSD: asn1_item.c,v 1.7 2023/06/13 23:31:53 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -119,12 +119,6 @@
#include "asn1_local.h"
#include "evp_local.h"
/*
* ASN1_ITEM version of dup: this follows the model above except we don't need
* to allocate the buffer. At some point this could be rewritten to directly dup
* the underlying structure instead of doing and encode and decode.
*/
int
ASN1_item_digest(const ASN1_ITEM *it, const EVP_MD *type, void *asn,
unsigned char *md, unsigned int *len)
@ -145,6 +139,12 @@ ASN1_item_digest(const ASN1_ITEM *it, const EVP_MD *type, void *asn,
return (1);
}
/*
* ASN1_ITEM version of ASN1_dup(): follows the same model except there's no
* need to allocate the buffer. At some point this could be rewritten to dup
* the underlying structure directly instead of doing an encode and decode.
*/
void *
ASN1_item_dup(const ASN1_ITEM *it, void *x)
{

4
regress/usr.sbin/pkg_add/inject-badsum
View File

@ -1,6 +1,6 @@
#! /usr/bin/perl
# $OpenBSD: inject-badsum,v 1.1 2019/08/02 14:57:53 espie Exp $
# $OpenBSD: inject-badsum,v 1.2 2023/06/14 07:52:37 espie Exp $
use strict;
use warnings;
@ -14,7 +14,7 @@ wrap('digest_file',
my $original = shift;
if ($_[1] =~ m,/a$,) {
my $self = shift;
my $d = $self->algo;
my $d = $self->_algo;
$d->addfile("/dev/null");
return $d->digest;
} else {

60
sbin/iked/ikev2.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: ikev2.c,v 1.370 2023/06/13 12:34:12 tb Exp $ */
/* $OpenBSD: ikev2.c,v 1.371 2023/06/14 14:09:29 claudio Exp $ */
/*
* Copyright (c) 2019 Tobias Heider <tobias.heider@stusta.de>
@ -2285,7 +2285,7 @@ ikev2_nat_detection(struct iked *env, struct iked_message *msg,
struct sockaddr_in *in4;
struct sockaddr_in6 *in6;
ssize_t ret = -1;
struct sockaddr *src, *dst, *ss;
struct sockaddr_storage *src, *dst, *ss;
uint64_t rspi, ispi;
struct ibuf *buf;
uint32_t rnd;
@ -2299,13 +2299,13 @@ ikev2_nat_detection(struct iked *env, struct iked_message *msg,
return (-1);
ispi = hdr->ike_ispi;
rspi = hdr->ike_rspi;
src = (struct sockaddr *)&msg->msg_peer;
dst = (struct sockaddr *)&msg->msg_local;
src = &msg->msg_peer;
dst = &msg->msg_local;
} else {
ispi = htobe64(sa->sa_hdr.sh_ispi);
rspi = htobe64(sa->sa_hdr.sh_rspi);
src = (struct sockaddr *)&msg->msg_local;
dst = (struct sockaddr *)&msg->msg_peer;
src = &msg->msg_local;
dst = &msg->msg_peer;
}
ctx = EVP_MD_CTX_new();
@ -2337,7 +2337,7 @@ ikev2_nat_detection(struct iked *env, struct iked_message *msg,
EVP_DigestUpdate(ctx, &ispi, sizeof(ispi));
EVP_DigestUpdate(ctx, &rspi, sizeof(rspi));
switch (ss->sa_family) {
switch (ss->ss_family) {
case AF_INET:
in4 = (struct sockaddr_in *)ss;
EVP_DigestUpdate(ctx, &in4->sin_addr.s_addr,
@ -6902,15 +6902,14 @@ ikev2_print_static_id(struct iked_static_id *id, char *idstr, size_t idstrlen)
int
ikev2_print_id(struct iked_id *id, char *idstr, size_t idstrlen)
{
uint8_t buf[BUFSIZ], *ptr;
struct sockaddr_in *s4;
struct sockaddr_in6 *s6;
uint8_t *ptr;
struct sockaddr_in s4 = { 0 };
struct sockaddr_in6 s6 = { 0 };
char *str;
ssize_t len;
int i;
const char *type;
bzero(buf, sizeof(buf));
bzero(idstr, idstrlen);
if (id->id_buf == NULL)
@ -6931,48 +6930,38 @@ ikev2_print_id(struct iked_id *id, char *idstr, size_t idstrlen)
strlcat(idstr, "/", idstrlen) >= idstrlen)
return (-1);
idstrlen -= strlen(idstr);
idstr += strlen(idstr);
switch (id->id_type) {
case IKEV2_ID_IPV4:
s4 = (struct sockaddr_in *)buf;
s4->sin_family = AF_INET;
s4->sin_len = sizeof(*s4);
memcpy(&s4->sin_addr.s_addr, ptr, len);
s4.sin_family = AF_INET;
s4.sin_len = sizeof(s4);
memcpy(&s4.sin_addr.s_addr, ptr, len);
if (print_host((struct sockaddr *)s4,
idstr, idstrlen) == NULL)
if (strlcat(idstr, print_addr(&s4), idstrlen) >= idstrlen)
return (-1);
break;
case IKEV2_ID_FQDN:
case IKEV2_ID_UFQDN:
if (len >= (ssize_t)sizeof(buf))
return (-1);
if ((str = get_string(ptr, len)) == NULL)
return (-1);
if (strlcpy(idstr, str, idstrlen) >= idstrlen) {
if (strlcat(idstr, str, idstrlen) >= idstrlen) {
free(str);
return (-1);
}
free(str);
break;
case IKEV2_ID_IPV6:
s6 = (struct sockaddr_in6 *)buf;
s6->sin6_family = AF_INET6;
s6->sin6_len = sizeof(*s6);
memcpy(&s6->sin6_addr, ptr, len);
s6.sin6_family = AF_INET6;
s6.sin6_len = sizeof(s6);
memcpy(&s6.sin6_addr, ptr, len);
if (print_host((struct sockaddr *)s6,
idstr, idstrlen) == NULL)
if (strlcat(idstr, print_addr(&s6), idstrlen) >= idstrlen)
return (-1);
break;
case IKEV2_ID_ASN1_DN:
if ((str = ca_asn1_name(ptr, len)) == NULL)
return (-1);
if (strlcpy(idstr, str, idstrlen) >= idstrlen) {
if (strlcat(idstr, str, idstrlen) >= idstrlen) {
OPENSSL_free(str);
return (-1);
}
@ -6980,9 +6969,12 @@ ikev2_print_id(struct iked_id *id, char *idstr, size_t idstrlen)
break;
default:
/* XXX test */
for (i = 0; i < ((ssize_t)idstrlen - 1) && i < len; i++)
snprintf(idstr + i, idstrlen - i,
"%02x", ptr[i]);
for (i = 0; i < len; i++) {
char buf[3];
snprintf(buf, sizeof(buf), "%02x", ptr[i]);
if (strlcat(idstr, buf, idstrlen) >= idstrlen)
break;
}
break;
}

73
sbin/iked/ikev2_pld.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: ikev2_pld.c,v 1.129 2023/06/06 16:09:35 claudio Exp $ */
/* $OpenBSD: ikev2_pld.c,v 1.130 2023/06/14 14:09:29 claudio Exp $ */
/*
* Copyright (c) 2019 Tobias Heider <tobias.heider@stusta.de>
@ -1522,9 +1522,8 @@ int
ikev2_pld_ts(struct iked *env, struct ikev2_payload *pld,
struct iked_message *msg, size_t offset, size_t left, unsigned int type)
{
struct sockaddr_in s4;
struct sockaddr_in6 s6;
uint8_t buf[2][128];
struct sockaddr_in start4, end4;
struct sockaddr_in6 start6, end6;
uint8_t *msgbuf = ibuf_data(msg->msg_data);
uint8_t *ptr;
@ -1539,22 +1538,21 @@ ikev2_pld_ts(struct iked *env, struct ikev2_payload *pld,
return (-1);
}
bzero(&s4, sizeof(s4));
s4.sin_family = AF_INET;
s4.sin_len = sizeof(s4);
memcpy(&s4.sin_addr.s_addr, ptr, 4);
bzero(&start4, sizeof(start4));
start4.sin_family = AF_INET;
start4.sin_len = sizeof(start4);
memcpy(&start4.sin_addr.s_addr, ptr, 4);
ptr += 4;
left -= 4;
print_host((struct sockaddr *)&s4,
(char *)buf[0], sizeof(buf[0]));
memcpy(&s4.sin_addr.s_addr, ptr, 4);
bzero(&end4, sizeof(end4));
end4.sin_family = AF_INET;
end4.sin_len = sizeof(end4);
memcpy(&end4.sin_addr.s_addr, ptr, 4);
left -= 4;
print_host((struct sockaddr *)&s4,
(char *)buf[1], sizeof(buf[1]));
log_debug("%s: start %s end %s", __func__,
buf[0], buf[1]);
print_addr(&start4), print_addr(&end4));
break;
case IKEV2_TS_IPV6_ADDR_RANGE:
if (left < 2 * 16) {
@ -1563,21 +1561,21 @@ ikev2_pld_ts(struct iked *env, struct ikev2_payload *pld,
__func__, left, 2 * 16);
return (-1);
}
bzero(&s6, sizeof(s6));
s6.sin6_family = AF_INET6;
s6.sin6_len = sizeof(s6);
memcpy(&s6.sin6_addr, ptr, 16);
bzero(&start6, sizeof(start6));
start6.sin6_family = AF_INET6;
start6.sin6_len = sizeof(start6);
memcpy(&start6.sin6_addr, ptr, 16);
ptr += 16;
left -= 16;
print_host((struct sockaddr *)&s6,
(char *)buf[0], sizeof(buf[0]));
memcpy(&s6.sin6_addr, ptr, 16);
bzero(&end6, sizeof(end6));
end6.sin6_family = AF_INET6;
end6.sin6_len = sizeof(end6);
memcpy(&end6.sin6_addr, ptr, 16);
left -= 16;
print_host((struct sockaddr *)&s6,
(char *)buf[1], sizeof(buf[1]));
log_debug("%s: start %s end %s", __func__,
buf[0], buf[1]);
print_addr(&start6), print_addr(&end6));
break;
default:
log_debug("%s: ignoring unknown TS type %u", __func__, type);
@ -1871,7 +1869,6 @@ ikev2_pld_cp(struct iked *env, struct ikev2_payload *pld,
uint8_t *msgbuf = ibuf_data(msg->msg_data);
uint8_t *ptr;
size_t len;
uint8_t buf[128];
int cfg_type;
if (ikev2_validate_cp(msg, offset, left, &cp))
@ -1949,17 +1946,20 @@ ikev2_pld_cp(struct iked *env, struct ikev2_payload *pld,
in4->sin_family = AF_INET;
in4->sin_len = sizeof(*in4);
memcpy(&in4->sin_addr.s_addr, ptr, 4);
print_host((struct sockaddr *)in4, (char *)buf,
sizeof(buf));
log_debug("%s: cfg %s", __func__, buf);
switch(cfg_type) {
case IKEV2_CFG_INTERNAL_IP4_ADDRESS:
msg->msg_parent->msg_cp_addr = addr;
log_debug("%s: IP4_ADDRESS %s", __func__, buf);
log_debug("%s: IP4_ADDRESS %s", __func__,
print_addr(&addr->addr));
break;
case IKEV2_CFG_INTERNAL_IP4_DNS:
msg->msg_parent->msg_cp_dns = addr;
log_debug("%s: IP4_DNS %s", __func__, buf);
log_debug("%s: IP4_DNS %s", __func__,
print_addr(&addr->addr));
break;
default:
log_debug("%s: cfg %s", __func__,
print_addr(&addr->addr));
break;
}
break;
@ -1999,17 +1999,20 @@ ikev2_pld_cp(struct iked *env, struct ikev2_payload *pld,
in6->sin6_family = AF_INET6;
in6->sin6_len = sizeof(*in6);
memcpy(&in6->sin6_addr, ptr, 16);
print_host((struct sockaddr *)in6, (char *)buf,
sizeof(buf));
log_debug("%s: cfg %s/%d", __func__, buf, ptr[16]);
switch(cfg_type) {
case IKEV2_CFG_INTERNAL_IP6_ADDRESS:
msg->msg_parent->msg_cp_addr6 = addr;
log_debug("%s: IP6_ADDRESS %s", __func__, buf);
log_debug("%s: IP6_ADDRESS %s", __func__,
print_addr(&addr->addr));
break;
case IKEV2_CFG_INTERNAL_IP6_DNS:
msg->msg_parent->msg_cp_dns = addr;
log_debug("%s: IP6_DNS %s", __func__, buf);
log_debug("%s: IP6_DNS %s", __func__,
print_addr(&addr->addr));
break;
default:
log_debug("%s: cfg %s/%d", __func__,
print_addr(&addr->addr), ptr[16]);
break;
}
break;

5
sbin/iked/parse.y
View File

@ -1,4 +1,4 @@
/* $OpenBSD: parse.y,v 1.142 2023/04/19 13:33:37 jsg Exp $ */
/* $OpenBSD: parse.y,v 1.143 2023/06/14 14:09:29 claudio Exp $ */
/*
* Copyright (c) 2019 Tobias Heider <tobias.heider@stusta.de>
@ -2880,8 +2880,7 @@ create_ike(char *name, int af, struct ipsec_addr_wrap *ipproto,
if (dstid)
strlcpy(idstr, dstid, sizeof(idstr));
else if (!pol.pol_peer.addr_net)
print_host((struct sockaddr *)&pol.pol_peer.addr, idstr,
sizeof(idstr));
strlcpy(idstr, print_addr(&pol.pol_peer.addr), sizeof(idstr));
ikeauth = &pol.pol_auth;
switch (ikeauth->auth_method) {

3
share/misc/airport
View File

@ -1,4 +1,4 @@
# $OpenBSD: airport,v 1.90 2023/05/02 08:48:06 stsp Exp $
# $OpenBSD: airport,v 1.91 2023/06/14 01:16:08 kn Exp $
# @(#)airport 8.1 (Berkeley) 6/8/93
#
# Some of this information from the Airport Search Engine at
@ -918,6 +918,7 @@ KUM:Yakushima, Japan
KUN:Kaunas, Lithuania
KUO:Kuopio, Finland
KUS:Kulusuk Metropolitan Area, Greenland
KUT:Kutaisi, Georgia
KUV:Gunsan, South Korea
KVA:Kavala, Greece
KVB:Skovde, Sweden

4
sys/netinet/ip_mroute.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: ip_mroute.c,v 1.138 2023/04/19 20:03:51 kn Exp $ */
/* $OpenBSD: ip_mroute.c,v 1.139 2023/06/14 14:30:08 mvs Exp $ */
/* $NetBSD: ip_mroute.c,v 1.85 2004/04/26 01:31:57 matt Exp $ */
/*
@ -718,7 +718,9 @@ add_vif(struct socket *so, struct mbuf *m)
satosin(&ifr.ifr_addr)->sin_len = sizeof(struct sockaddr_in);
satosin(&ifr.ifr_addr)->sin_family = AF_INET;
satosin(&ifr.ifr_addr)->sin_addr = zeroin_addr;
KERNEL_LOCK();
error = (*ifp->if_ioctl)(ifp, SIOCADDMULTI, (caddr_t)&ifr);
KERNEL_UNLOCK();
if (error)
return (error);
}

4
sys/netinet6/ip6_mroute.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: ip6_mroute.c,v 1.136 2023/04/19 20:03:52 kn Exp $ */
/* $OpenBSD: ip6_mroute.c,v 1.137 2023/06/14 14:30:08 mvs Exp $ */
/* $NetBSD: ip6_mroute.c,v 1.59 2003/12/10 09:28:38 itojun Exp $ */
/* $KAME: ip6_mroute.c,v 1.45 2001/03/25 08:38:51 itojun Exp $ */
@ -610,7 +610,9 @@ add_m6if(struct socket *so, struct mif6ctl *mifcp)
memset(&ifr, 0, sizeof(ifr));
ifr.ifr_addr.sin6_family = AF_INET6;
ifr.ifr_addr.sin6_addr = in6addr_any;
KERNEL_LOCK();
error = (*ifp->if_ioctl)(ifp, SIOCADDMULTI, (caddr_t)&ifr);
KERNEL_UNLOCK();
if (error) {
if_put(ifp);

4
sys/netinet6/ip6_output.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: ip6_output.c,v 1.277 2023/05/22 16:08:34 bluhm Exp $ */
/* $OpenBSD: ip6_output.c,v 1.278 2023/06/13 19:34:12 bluhm Exp $ */
/* $KAME: ip6_output.c,v 1.172 2001/03/25 09:55:56 itojun Exp $ */
/*
@ -688,7 +688,7 @@ reroute:
dontfrag = 0;
if (dontfrag && /* case 2-b */
(ISSET(m->m_pkthdr.csum_flags, M_TCP_TSO) ?
m->m_pkthdr.csum_flags : tlen) > ifp->if_mtu) {
m->m_pkthdr.ph_mss : tlen) > ifp->if_mtu) {
#ifdef IPSEC
if (ip_mtudisc)
ipsec_adjust_mtu(m, mtu);

3
usr.bin/seq/seq.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: seq.c,v 1.7 2023/06/12 20:15:06 millert Exp $ */
/* $OpenBSD: seq.c,v 1.8 2023/06/13 21:10:41 millert Exp $ */
/*-
* Copyright (c) 2005 The NetBSD Foundation, Inc.
@ -176,7 +176,6 @@ main(int argc, char *argv[])
} else
fmt = generate_format(first, incr, last, equalize, pad);
warnx("first: %f, incr: %f", first, incr);
for (step = 1, cur = first; incr > 0 ? cur <= last : cur >= last;
cur = first + incr * step++) {
if (cur != first)

5
usr.sbin/pkg_add/OpenBSD/PackageRepositoryList.pm
View File

@ -1,5 +1,5 @@
# ex:ts=8 sw=4:
# $OpenBSD: PackageRepositoryList.pm,v 1.33 2023/06/13 09:07:17 espie Exp $
# $OpenBSD: PackageRepositoryList.pm,v 1.34 2023/06/14 09:59:09 espie Exp $
#
# Copyright (c) 2003-2006 Marc Espie <espie@openbsd.org>
#
@ -48,9 +48,6 @@ sub prepend($self, @p)
sub do_something($self, $do, $pkgname, @args)
{
if (defined $pkgname && $pkgname eq '-') {
return OpenBSD::PackageRepository->pipe->new($self->{state})->$do($pkgname, @args);
}
for my $repo (@{$self->{l}}) {
my $r = $repo->$do($pkgname, @args);
return $r if defined $r;

3
usr.sbin/pkg_add/OpenBSD/PkgInfo.pm
View File

@ -1,6 +1,6 @@
#! /usr/bin/perl
# ex:ts=8 sw=4:
# $OpenBSD: PkgInfo.pm,v 1.51 2023/06/13 09:07:17 espie Exp $
# $OpenBSD: PkgInfo.pm,v 1.52 2023/06/14 09:59:09 espie Exp $
#
# Copyright (c) 2003-2014 Marc Espie <espie@openbsd.org>
#
@ -642,6 +642,7 @@ sub parse_and_run($self, $cmd)
$self->print_info($state, $pkgname, $handle);
})) {
$exit_code = 1;
$state->errsay("Can't find #1", $pkg);
}
}
for my $extra (@extra) {