sync with OpenBSD -current

purplerain 2024-08-03 16:51:23 +00:00
parent c0bca71075
commit 4d0363822b
Signed by: purplerain
GPG Key ID: F42C07F07E2E35B7
10 changed files with 63 additions and 27 deletions


@ -1,4 +1,4 @@
/* $OpenBSD: unistd.h,v 1.110 2024/08/02 01:53:21 guenther Exp $ */ /* $OpenBSD: unistd.h,v 1.111 2024/08/02 22:14:54 guenther Exp $ */
/* $NetBSD: unistd.h,v 1.26.4.1 1996/05/28 02:31:51 mrg Exp $ */ /* $NetBSD: unistd.h,v 1.26.4.1 1996/05/28 02:31:51 mrg Exp $ */
/*- /*-
@ -474,6 +474,12 @@ int unlinkat(int, const char *, int);
#if __POSIX_VISIBLE >= 202405 || __BSD_VISIBLE #if __POSIX_VISIBLE >= 202405 || __BSD_VISIBLE
int getentropy(void *, size_t); int getentropy(void *, size_t);
#endif #endif
#if __XPG_VISIBLE >= 800 || __BSD_VISIBLE
int getresgid(gid_t *, gid_t *, gid_t *);
int getresuid(uid_t *, uid_t *, uid_t *);
int setresgid(gid_t, gid_t, gid_t);
int setresuid(uid_t, uid_t, uid_t);
#endif
#if __BSD_VISIBLE #if __BSD_VISIBLE
int dup3(int, int, int); int dup3(int, int, int);
@ -492,8 +498,6 @@ int getdomainname(char *, size_t)
int getdtablecount(void); int getdtablecount(void);
int getgrouplist(const char *, gid_t, gid_t *, int *); int getgrouplist(const char *, gid_t, gid_t *, int *);
mode_t getmode(const void *, mode_t); mode_t getmode(const void *, mode_t);
int getresgid(gid_t *, gid_t *, gid_t *);
int getresuid(uid_t *, uid_t *, uid_t *);
pid_t getthrid(void); pid_t getthrid(void);
int getthrname(pid_t, char *, size_t); int getthrname(pid_t, char *, size_t);
char *getusershell(void); char *getusershell(void);
@ -523,8 +527,6 @@ int sethostname(const char *, size_t);
int setlogin(const char *); int setlogin(const char *);
void *setmode(const char *); void *setmode(const char *);
int setpgrp(pid_t _pid, pid_t _pgrp); /* BSD compat version */ int setpgrp(pid_t _pid, pid_t _pgrp); /* BSD compat version */
int setresgid(gid_t, gid_t, gid_t);
int setresuid(uid_t, uid_t, uid_t);
int setthrname(pid_t, const char *); int setthrname(pid_t, const char *);
void setusershell(void); void setusershell(void);
int strtofflags(char **, u_int32_t *, u_int32_t *); int strtofflags(char **, u_int32_t *, u_int32_t *);


@ -1,4 +1,4 @@
.\" $OpenBSD: setresuid.2,v 1.9 2015/09/10 17:55:21 schwarze Exp $ .\" $OpenBSD: setresuid.2,v 1.10 2024/08/02 22:14:54 guenther Exp $
.\" .\"
.\" Copyright (c) 2000 .\" Copyright (c) 2000
.\" Sheldon Hearn. All rights reserved. .\" Sheldon Hearn. All rights reserved.
@ -21,7 +21,7 @@
.\" .\"
.\" $FreeBSD: src/lib/libc/sys/setresuid.2,v 1.12 2001/10/01 16:09:02 ru Exp $ .\" $FreeBSD: src/lib/libc/sys/setresuid.2,v 1.12 2001/10/01 16:09:02 ru Exp $
.\" .\"
.Dd $Mdocdate: September 10 2015 $ .Dd $Mdocdate: August 2 2024 $
.Dt SETRESUID 2 .Dt SETRESUID 2
.Os .Os
.Sh NAME .Sh NAME
@ -31,7 +31,6 @@
.Nm setresuid .Nm setresuid
.Nd get or set real, effective and saved user or group ID .Nd get or set real, effective and saved user or group ID
.Sh SYNOPSIS .Sh SYNOPSIS
.In sys/types.h
.In unistd.h .In unistd.h
.Ft int .Ft int
.Fn getresgid "gid_t *rgid" "gid_t *egid" "gid_t *sgid" .Fn getresgid "gid_t *rgid" "gid_t *egid" "gid_t *sgid"
@ -89,10 +88,13 @@ was invalid.
.Xr setreuid 2 , .Xr setreuid 2 ,
.Xr setuid 2 .Xr setuid 2
.Sh STANDARDS .Sh STANDARDS
These functions are not part of the The
.St -p1003.1 .Fn getresgid ,
specification. .Fn getresuid ,
While they are not completely portable, they are the least ambiguous way to .Fn setresgid ,
manage user and group IDs. and
.Fn setresuid
functions conform to the X/Open System Interfaces option of
.St -p1003.1-2024 .
.Sh HISTORY .Sh HISTORY
These functions first appeared in HP-UX. These functions first appeared in HP-UX.


@ -1,4 +1,4 @@
/* $OpenBSD: crypto_ex_data.c,v 1.2 2024/08/02 14:02:33 tb Exp $ */ /* $OpenBSD: crypto_ex_data.c,v 1.4 2024/08/03 07:45:26 tb Exp $ */
/* /*
* Copyright (c) 2023 Joel Sing <jsing@openbsd.org> * Copyright (c) 2023 Joel Sing <jsing@openbsd.org>
* *
@ -19,7 +19,7 @@
#include <openssl/crypto.h> #include <openssl/crypto.h>
#define CRYPTO_EX_DATA_MAX_INDEX 16 #define CRYPTO_EX_DATA_MAX_INDEX 32
struct crypto_ex_data { struct crypto_ex_data {
int class_index; int class_index;
@ -104,7 +104,7 @@ CRYPTO_get_ex_new_index(int class_index, long argl, void *argp,
sizeof(struct crypto_ex_data_class))) == NULL) sizeof(struct crypto_ex_data_class))) == NULL)
goto err; goto err;
if ((new_class->indexes = calloc(CRYPTO_EX_DATA_MAX_INDEX, if ((new_class->indexes = calloc(CRYPTO_EX_DATA_MAX_INDEX,
sizeof(struct crypto_ex_data_index))) == NULL) sizeof(struct crypto_ex_data_index *))) == NULL)
goto err; goto err;
new_class->indexes_len = CRYPTO_EX_DATA_MAX_INDEX; new_class->indexes_len = CRYPTO_EX_DATA_MAX_INDEX;
new_class->next_index = 1; new_class->next_index = 1;
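Review bot: The corrected element size in the `calloc` for `new_class->indexes` is still spelled as a type name, `sizeof(struct crypto_ex_data_index *)`, which is the form that let the allocation and the array's element type drift apart in the first place. Writing it as `sizeof(*new_class->indexes)` ties the size to the pointer being assigned. With `CRYPTO_EX_DATA_MAX_INDEX` raised to 32 and `indexes_len` fixed at that value, the check that keeps `next_index` below `indexes_len` is not visible here and is worth confirming. `CRYPTO_get_ex_new_index` begins and ends outside the hunk.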


@ -1,4 +1,4 @@
/* $OpenBSD: ec_kmeth.c,v 1.13 2023/11/19 15:46:09 tb Exp $ */ /* $OpenBSD: ec_kmeth.c,v 1.14 2024/08/03 13:06:37 tb Exp $ */
/* /*
* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project. * project.
@ -149,7 +149,7 @@ EC_KEY_new_method(ENGINE *engine)
ret->conv_form = POINT_CONVERSION_UNCOMPRESSED; ret->conv_form = POINT_CONVERSION_UNCOMPRESSED;
ret->references = 1; ret->references = 1;
if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data)) if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_EC_KEY, ret, &ret->ex_data))
goto err; goto err;
if (ret->meth->init != NULL && ret->meth->init(ret) == 0) if (ret->meth->init != NULL && ret->meth->init(ret) == 0)
goto err; goto err;
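Review bot: The class index passed to `CRYPTO_new_ex_data` in `EC_KEY_new_method` has to match the one used where the key's `ex_data` is freed or copied, and those call sites are not part of this hunk. If any of them names a different class, callbacks registered for that other class would presumably run against an `EC_KEY` object. It is worth confirming that the free and copy paths also pass `CRYPTO_EX_INDEX_EC_KEY`, and a regression test that registers an index for that class and then creates and frees a key would pin the pairing. `EC_KEY_new_method` begins and ends outside the hunk.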


@ -1,4 +1,4 @@
/* $OpenBSD: ssl.h,v 1.7 2024/07/14 15:39:36 tb Exp $ */ /* $OpenBSD: ssl.h,v 1.8 2024/08/03 04:50:27 tb Exp $ */
/* /*
* Copyright (c) 2023 Bob Beck <beck@openbsd.org> * Copyright (c) 2023 Bob Beck <beck@openbsd.org>
* *
@ -105,6 +105,7 @@ LSSL_USED(SSL_CTX_set_timeout);
LSSL_USED(SSL_CTX_get_timeout); LSSL_USED(SSL_CTX_get_timeout);
LSSL_USED(SSL_CTX_get_cert_store); LSSL_USED(SSL_CTX_get_cert_store);
LSSL_USED(SSL_CTX_set_cert_store); LSSL_USED(SSL_CTX_set_cert_store);
LSSL_USED(SSL_CTX_set1_cert_store);
LSSL_USED(SSL_CTX_get0_certificate); LSSL_USED(SSL_CTX_get0_certificate);
LSSL_USED(SSL_CTX_get0_privatekey); LSSL_USED(SSL_CTX_get0_privatekey);
LSSL_USED(SSL_want); LSSL_USED(SSL_want);


@ -1,4 +1,4 @@
.\" $OpenBSD: SSL_CTX_set_cert_store.3,v 1.7 2018/03/27 17:35:50 schwarze Exp $ .\" $OpenBSD: SSL_CTX_set_cert_store.3,v 1.8 2024/08/03 04:53:01 tb Exp $
.\" OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400 .\" OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
.\" .\"
.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>. .\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
@ -48,17 +48,20 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\" .\"
.Dd $Mdocdate: March 27 2018 $ .Dd $Mdocdate: August 3 2024 $
.Dt SSL_CTX_SET_CERT_STORE 3 .Dt SSL_CTX_SET_CERT_STORE 3
.Os .Os
.Sh NAME .Sh NAME
.Nm SSL_CTX_set_cert_store , .Nm SSL_CTX_set_cert_store ,
.Nm SSL_CTX_set1_cert_store ,
.Nm SSL_CTX_get_cert_store .Nm SSL_CTX_get_cert_store
.Nd manipulate X509 certificate verification storage .Nd manipulate X509 certificate verification storage
.Sh SYNOPSIS .Sh SYNOPSIS
.In openssl/ssl.h .In openssl/ssl.h
.Ft void .Ft void
.Fn SSL_CTX_set_cert_store "SSL_CTX *ctx" "X509_STORE *store" .Fn SSL_CTX_set_cert_store "SSL_CTX *ctx" "X509_STORE *store"
.Ft void
.Fn SSL_CTX_set1_cert_store "SSL_CTX *ctx" "X509_STORE *store"
.Ft X509_STORE * .Ft X509_STORE *
.Fn SSL_CTX_get_cert_store "const SSL_CTX *ctx" .Fn SSL_CTX_get_cert_store "const SSL_CTX *ctx"
.Sh DESCRIPTION .Sh DESCRIPTION
@ -73,6 +76,15 @@ object is currently set in
.Fa ctx , .Fa ctx ,
it will be freed. it will be freed.
.Pp .Pp
.Fn SSL_CTX_set1_cert_store
sets the verification storage of
.Fa ctx
to or replaces it with
.Fa store .
The
.Fa store Ns 's
reference count is incremented.
.Pp
.Fn SSL_CTX_get_cert_store .Fn SSL_CTX_get_cert_store
returns a pointer to the current certificate verification storage. returns a pointer to the current certificate verification storage.
.Pp .Pp
@ -128,3 +140,7 @@ and
.Fn SSL_CTX_get_cert_store .Fn SSL_CTX_get_cert_store
first appeared in SSLeay 0.8.1 and have been available since first appeared in SSLeay 0.8.1 and have been available since
.Ox 2.4 . .Ox 2.4 .
.Pp
.Fn SSL_CTX_set1_cert_store
first appeared in OpenSSL 1.1.1 and has been available since
.Ox 7.6 .


@ -1,4 +1,4 @@
/* $OpenBSD: ssl.h,v 1.239 2024/07/14 15:39:36 tb Exp $ */ /* $OpenBSD: ssl.h,v 1.240 2024/08/03 04:50:27 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved. * All rights reserved.
* *
@ -1107,6 +1107,9 @@ long SSL_CTX_set_timeout(SSL_CTX *ctx, long t);
long SSL_CTX_get_timeout(const SSL_CTX *ctx); long SSL_CTX_get_timeout(const SSL_CTX *ctx);
X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *); X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *);
void SSL_CTX_set_cert_store(SSL_CTX *, X509_STORE *); void SSL_CTX_set_cert_store(SSL_CTX *, X509_STORE *);
#if defined(LIBRESSL_INTERNAL) || defined(LIBRESSL_NEXT_API)
void SSL_CTX_set1_cert_store(SSL_CTX *ctx, X509_STORE *store);
#endif
X509 *SSL_CTX_get0_certificate(const SSL_CTX *ctx); X509 *SSL_CTX_get0_certificate(const SSL_CTX *ctx);
EVP_PKEY *SSL_CTX_get0_privatekey(const SSL_CTX *ctx); EVP_PKEY *SSL_CTX_get0_privatekey(const SSL_CTX *ctx);
int SSL_want(const SSL *s); int SSL_want(const SSL *s);


@ -1,4 +1,4 @@
/* $OpenBSD: ssl_lib.c,v 1.328 2024/07/20 04:04:23 jsing Exp $ */ /* $OpenBSD: ssl_lib.c,v 1.329 2024/08/03 04:50:27 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved. * All rights reserved.
* *
@ -3403,6 +3403,16 @@ SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store)
} }
LSSL_ALIAS(SSL_CTX_set_cert_store); LSSL_ALIAS(SSL_CTX_set_cert_store);
void
SSL_CTX_set1_cert_store(SSL_CTX *ctx, X509_STORE *store)
{
if (store != NULL)
X509_STORE_up_ref(store);
SSL_CTX_set_cert_store(ctx, store);
}
LSSL_ALIAS(SSL_CTX_set1_cert_store);
X509 * X509 *
SSL_CTX_get0_certificate(const SSL_CTX *ctx) SSL_CTX_get0_certificate(const SSL_CTX *ctx)
{ {
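Review bot: The result of `X509_STORE_up_ref(store)` is discarded in `SSL_CTX_set1_cert_store`, so if taking the reference ever fails, `ctx` still adopts `store` without owning a reference, and the caller's later free would leave `ctx` holding a dangling pointer. The function returns void and cannot report the failure, but it can decline to install the store: `if (store != NULL && !X509_STORE_up_ref(store)) return;`. Taking the reference before calling `SSL_CTX_set_cert_store` also keeps the case safe where `store` is already the one set in `ctx`, given that the manual page in this commit says the previously set store is freed. A short comment such as `/* up_ref first: store may be ctx's current store */` would keep that order from being swapped later.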


@ -1,4 +1,4 @@
/* $OpenBSD: locore.S,v 1.147 2024/03/17 05:49:41 guenther Exp $ */ /* $OpenBSD: locore.S,v 1.148 2024/08/02 22:24:51 guenther Exp $ */
/* $NetBSD: locore.S,v 1.13 2004/03/25 18:33:17 drochner Exp $ */ /* $NetBSD: locore.S,v 1.13 2004/03/25 18:33:17 drochner Exp $ */
/* /*
@ -182,7 +182,9 @@ sigcodecall:
.globl sigcoderet .globl sigcoderet
sigcoderet: sigcoderet:
int3 int3
1: JMP_RETPOLINE(rax) 1: CODEPATCH_START
JMP_RETPOLINE(rax)
CODEPATCH_END(CPTAG_RETPOLINE_RAX)
.globl esigcode .globl esigcode
esigcode: esigcode:
.globl sigfill .globl sigfill


@ -1,4 +1,4 @@
/* $OpenBSD: netcat.c,v 1.226 2023/08/14 08:07:27 tb Exp $ */ /* $OpenBSD: netcat.c,v 1.227 2024/08/02 21:08:47 jan Exp $ */
/* /*
* Copyright (c) 2001 Eric Jackson <ericj@monkey.org> * Copyright (c) 2001 Eric Jackson <ericj@monkey.org>
* Copyright (c) 2015 Bob Beck. All rights reserved. * Copyright (c) 2015 Bob Beck. All rights reserved.
@ -778,7 +778,7 @@ timeout_tls(int s, struct tls *tls_ctx, int (*func)(struct tls *))
struct pollfd pfd; struct pollfd pfd;
int ret; int ret;
while ((ret = (*func)(tls_ctx)) != 0) { while ((ret = func(tls_ctx)) != 0) {
if (ret == TLS_WANT_POLLIN) if (ret == TLS_WANT_POLLIN)
pfd.events = POLLIN; pfd.events = POLLIN;
else if (ret == TLS_WANT_POLLOUT) else if (ret == TLS_WANT_POLLOUT)