From 85f0c6497f1fececa945ba11101bd50175e64ced Mon Sep 17 00:00:00 2001 From: purplerain Date: Tue, 5 Mar 2024 13:09:05 +0000 Subject: [PATCH] sync with OpenBSD -current --- distrib/sets/lists/comp/mi | 1 - lib/libcrypto/man/EVP_DigestInit.3 | 5 +- lib/libcrypto/man/EVP_MD_CTX_ctrl.3 | 9 +- lib/libcrypto/man/EVP_MD_meth_new.3 | 352 ---------------------------- lib/libcrypto/man/EVP_MD_nid.3 | 60 ++++- lib/libcrypto/man/EVP_sha1.3 | 7 +- lib/libcrypto/man/EVP_sha3_224.3 | 7 +- lib/libcrypto/man/Makefile | 3 +- lib/libcrypto/man/evp.3 | 5 +- regress/libexec/ftpd/Makefile | 3 +- sys/net/if_wg.c | 48 ++-- sys/net/wg_noise.c | 44 ++-- sys/net/wg_noise.h | 7 +- sys/netinet/ip_divert.c | 28 +-- sys/netinet/ip_var.h | 4 +- sys/netinet/raw_ip.c | 4 +- usr.bin/whois/whois.1 | 45 ++-- usr.bin/whois/whois.c | 4 +- 18 files changed, 158 insertions(+), 478 deletions(-) delete mode 100644 lib/libcrypto/man/EVP_MD_meth_new.3 diff --git a/distrib/sets/lists/comp/mi b/distrib/sets/lists/comp/mi index d53223e83..fb6762dc3 100644 --- a/distrib/sets/lists/comp/mi +++ b/distrib/sets/lists/comp/mi @@ -1925,7 +1925,6 @@ ./usr/share/man/man3/EVP_EncodeInit.3 ./usr/share/man/man3/EVP_EncryptInit.3 ./usr/share/man/man3/EVP_MD_CTX_ctrl.3 -./usr/share/man/man3/EVP_MD_meth_new.3 ./usr/share/man/man3/EVP_MD_nid.3 ./usr/share/man/man3/EVP_OpenInit.3 ./usr/share/man/man3/EVP_PKCS82PKEY.3 diff --git a/lib/libcrypto/man/EVP_DigestInit.3 b/lib/libcrypto/man/EVP_DigestInit.3 index a5ce6f84f..a578d99e1 100644 --- a/lib/libcrypto/man/EVP_DigestInit.3 +++ b/lib/libcrypto/man/EVP_DigestInit.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: EVP_DigestInit.3,v 1.31 2023/09/07 19:59:58 schwarze Exp $ +.\" $OpenBSD: EVP_DigestInit.3,v 1.32 2024/03/05 17:21:40 tb Exp $ .\" full merge up to: OpenSSL 7f572e95 Dec 2 13:57:04 2015 +0000 .\" selective merge up to: OpenSSL 24a535ea Sep 22 13:14:20 2020 +0100 .\" 
@@ -70,7 +70,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: September 7 2023 $ +.Dd $Mdocdate: March 5 2024 $ .Dt EVP_DIGESTINIT 3 .Os .Sh NAME @@ -533,7 +533,6 @@ main(int argc, char *argv[]) .Xr EVP_DigestSignInit 3 , .Xr EVP_DigestVerifyInit 3 , .Xr EVP_MD_CTX_ctrl 3 , -.Xr EVP_MD_meth_new 3 , .Xr EVP_MD_nid 3 , .Xr EVP_PKEY_CTX_set_signature_md 3 , .Xr EVP_PKEY_meth_set_signctx 3 , diff --git a/lib/libcrypto/man/EVP_MD_CTX_ctrl.3 b/lib/libcrypto/man/EVP_MD_CTX_ctrl.3 index 0aaeddd6d..c8c148faf 100644 --- a/lib/libcrypto/man/EVP_MD_CTX_ctrl.3 +++ b/lib/libcrypto/man/EVP_MD_CTX_ctrl.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: EVP_MD_CTX_ctrl.3,v 1.2 2023/09/07 19:28:37 schwarze Exp $ +.\" $OpenBSD: EVP_MD_CTX_ctrl.3,v 1.3 2024/03/05 17:21:40 tb Exp $ .\" full merge up to: OpenSSL man3/EVP_DigestInit.pod .\" 24a535ea Sep 22 13:14:20 2020 +0100 .\" @@ -69,7 +69,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: September 7 2023 $ +.Dd $Mdocdate: March 5 2024 $ .Dt EVP_MD_CTX_CTRL 3 .Os .Sh NAME @@ -236,8 +236,8 @@ is assigned. .Fn EVP_MD_CTX_md_data returns the digest method private data of .Fa ctx . -The space was allocated and its size set with -.Xr EVP_MD_meth_set_app_datasize 3 . +The space is allocated with a size determined at compile time. +The size is not exposed by an API. .Sh RETURN VALUES .Fn EVP_MD_CTX_ctrl returns 1 for success or 0 for failure. @@ -256,7 +256,6 @@ return pointers to storage owned by .Sh SEE ALSO .Xr evp 3 , .Xr EVP_DigestInit 3 , -.Xr EVP_MD_meth_new 3 , .Xr EVP_MD_nid 3 .Sh HISTORY .Fn EVP_MD_CTX_set_flags , diff --git a/lib/libcrypto/man/EVP_MD_meth_new.3 b/lib/libcrypto/man/EVP_MD_meth_new.3 deleted file mode 100644 index 8a80cca06..000000000 --- a/lib/libcrypto/man/EVP_MD_meth_new.3 +++ /dev/null 
@@ -1,352 +0,0 @@ -.\" $OpenBSD: EVP_MD_meth_new.3,v 1.5 2023/09/12 16:26:30 schwarze Exp $ -.\" selective merge up to: -.\" OpenSSL man3/EVP_MD_meth_new 0388d212 Dec 14 12:47:07 2018 -0800 -.\" -.\" This file is a derived work. -.\" The changes are covered by the following Copyright and license: -.\" -.\" Copyright (c) 2023 Ingo Schwarze -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.\" The original file was written by Richard Levitte -.\" Copyright (c) 2015 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. 
(http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. 
-.\" -.Dd $Mdocdate: September 12 2023 $ -.Dt EVP_MD_METH_NEW 3 -.Os -.Sh NAME -.Nm EVP_MD_meth_dup , -.Nm EVP_MD_meth_new , -.Nm EVP_MD_meth_free , -.Nm EVP_MD_meth_set_input_blocksize , -.Nm EVP_MD_meth_set_result_size , -.Nm EVP_MD_meth_set_app_datasize , -.Nm EVP_MD_meth_set_flags , -.Nm EVP_MD_meth_set_init , -.Nm EVP_MD_meth_set_update , -.Nm EVP_MD_meth_set_final , -.Nm EVP_MD_meth_set_copy , -.Nm EVP_MD_meth_set_cleanup , -.Nm EVP_MD_meth_set_ctrl -.Nd Routines to build up EVP_MD methods -.Sh SYNOPSIS -.In openssl/evp.h -.Ft EVP_MD * -.Fo EVP_MD_meth_new -.Fa "int md_type" -.Fa "int pkey_type" -.Fc -.Ft void -.Fo EVP_MD_meth_free -.Fa "EVP_MD *md" -.Fc -.Ft EVP_MD * -.Fo EVP_MD_meth_dup -.Fa "const EVP_MD *md" -.Fc -.Ft int -.Fo EVP_MD_meth_set_input_blocksize -.Fa "EVP_MD *md" -.Fa "int blocksize" -.Fc -.Ft int -.Fo EVP_MD_meth_set_result_size -.Fa "EVP_MD *md" -.Fa "int resultsize" -.Fc -.Ft int -.Fo EVP_MD_meth_set_app_datasize -.Fa "EVP_MD *md" -.Fa "int datasize" -.Fc -.Ft int -.Fo EVP_MD_meth_set_flags -.Fa "EVP_MD *md" -.Fa "unsigned long flags" -.Fc -.Ft int -.Fo EVP_MD_meth_set_init -.Fa "EVP_MD *md" -.Fa "int (*init)(EVP_MD_CTX *ctx)" -.Fc -.Ft int -.Fo EVP_MD_meth_set_update -.Fa "EVP_MD *md" -.Fa "int (*update)(EVP_MD_CTX *ctx, const void *data, size_t count)" -.Fc -.Ft int -.Fo EVP_MD_meth_set_final -.Fa "EVP_MD *md" -.Fa "int (*final)(EVP_MD_CTX *ctx, unsigned char *md)" -.Fc -.Ft int -.Fo EVP_MD_meth_set_copy -.Fa "EVP_MD *md" -.Fa "int (*copy)(EVP_MD_CTX *to, const EVP_MD_CTX *from)" -.Fc -.Ft int -.Fo EVP_MD_meth_set_cleanup -.Fa "EVP_MD *md" -.Fa "int (*cleanup)(EVP_MD_CTX *ctx)" -.Fc -.Ft int -.Fo EVP_MD_meth_set_ctrl -.Fa "EVP_MD *md" -.Fa "int (*control)(EVP_MD_CTX *ctx, int command, int p1, void *p2)" -.Fc -.Sh DESCRIPTION -The -.Vt EVP_MD -type is a structure for digest method implementation. -It can also have associated public/private key signing and verifying -routines. 
-.Pp -.Fn EVP_MD_meth_new -creates a new -.Vt EVP_MD -structure. -.Pp -.Fn EVP_MD_meth_dup -creates a copy of -.Fa md . -.Pp -.Fn EVP_MD_meth_free -destroys a -.Vt EVP_MD -structure. -.Pp -.Fn EVP_MD_meth_set_input_blocksize -sets the internal input block size for the method -.Fa md -to -.Fa blocksize -bytes. -.Pp -.Fn EVP_MD_meth_set_result_size -sets the size of the result that the digest method in -.Fa md -is expected to produce to -.Fa resultsize -bytes. -.Pp -The digest method may have its own private data, which OpenSSL will -allocate for it. -.Fn EVP_MD_meth_set_app_datasize -should be used to set the size for it to -.Fa datasize . -.Pp -.Fn EVP_MD_meth_set_flags -sets the flags to describe optional behaviours in the particular -.Fa md . -Several flags can be or'd together. -The available flags are: -.Bl -tag -width Ds -.It Dv EVP_MD_FLAG_DIGALGID_NULL -When setting up a -.Vt DigestAlgorithmIdentifier -with -.Xr X509_ALGOR_set_md 3 , -set the parameter type to -.Dv V_ASN1_NULL -and the parameter value to -.Dv NULL . -This is the default, which means that it takes effect for -.Vt EVP_MD -objects that do not have -.Dv EVP_MD_FLAG_DIGALGID_ABSENT -set. -Use this for PKCS#1. -.It Dv EVP_MD_FLAG_DIGALGID_ABSENT -When setting up a -.Vt DigestAlgorithmIdentifier -with -.Xr X509_ALGOR_set_md 3 , -set the parameter type to -.Dv V_ASN1_UNDEF -and the parameter value to -.Dv NULL . -This is used by the -.Vt EVP_MD -objects documented in the manual page -.Xr EVP_sha3_224 3 -and by the objects returned from -.Xr EVP_sha512 3 , -.Xr EVP_sha512_256 3 , -.Xr EVP_sha512_224 3 , -.Xr EVP_sha384 3 , -.Xr EVP_sha256 3 , -.Xr EVP_sha224 3 , -.Xr EVP_sha1 3 , -and -.Xr EVP_sm3 3 . 
-.It Dv EVP_MD_FLAG_DIGALGID_CUSTOM -This flag is reserved for user-defined -.Vt EVP_MD -objects supporting custom -.Vt DigestAlgorithmIdentifier -handling via -.Xr EVP_MD_CTX_ctrl 3 , -but actually, it is ignored by both LibreSSL and OpenSSL -and such user-defined behaviour is not supported by the libraries. -.It Dv EVP_MD_FLAG_FIPS -Mark the digest method as suitable for FIPS mode. -This flag is ignored by both LibreSSL and OpenSSL. -.It Dv EVP_MD_FLAG_ONESHOT -Intended to indicate that the digest method can only handle one block -of input, but actually, this flag is ignored by both LibreSSL and OpenSSL. -.El -.Pp -.Fn EVP_MD_meth_set_init -sets the digest init function for -.Fa md . -The digest init function is called by -.Xr EVP_Digest 3 , -.Xr EVP_DigestInit 3 , -.Xr EVP_DigestInit_ex 3 , -EVP_SignInit, -.Xr EVP_SignInit_ex 3 , -.Xr EVP_VerifyInit 3 -and -.Xr EVP_VerifyInit_ex 3 . -.Pp -.Fn EVP_MD_meth_set_update -sets the digest update function for -.Fa md . -The digest update function is called by -.Xr EVP_Digest 3 , -.Xr EVP_DigestUpdate 3 -and -.Xr EVP_SignUpdate 3 . -.Pp -.Fn EVP_MD_meth_set_final -sets the digest final function for -.Fa md . -The digest final function is called by -.Xr EVP_Digest 3 , -.Xr EVP_DigestFinal 3 , -.Xr EVP_DigestFinal_ex 3 , -.Xr EVP_SignFinal 3 -and -.Xr EVP_VerifyFinal 3 . -.Pp -.Fn EVP_MD_meth_set_copy -sets the function for -.Fa md -to do extra computations after the method's private data structure has -been copied from one -.Vt EVP_MD_CTX -object to another. -If all that's needed is to copy the data, there is no need for this copy -function. -The copy function is passed two -.Vt EVP_MD_CTX -objects, the private data structure is then available with -.Xr EVP_MD_CTX_md_data 3 . -This copy function is called by -.Xr EVP_MD_CTX_copy 3 -and -.Xr EVP_MD_CTX_copy_ex 3 . -.Pp -.Fn EVP_MD_meth_set_cleanup -sets the function for -.Fa md -to do extra cleanup before the method's private data structure is -cleaned out and freed. 
-The cleanup function is passed an -.Vt EVP_MD_CTX -object, the private data structure is then available with -.Xr EVP_MD_CTX_md_data 3 . -This cleanup function is called by -.Xr EVP_MD_CTX_reset 3 -and -.Xr EVP_MD_CTX_free 3 . -.Pp -.Fn EVP_MD_meth_set_ctrl -sets the -.Fa control -function for -.Fa md . -The -.Fa control -function supplied by the application program has to return 1 to indicate -success, 0 to indicate failure, or \-1 if the -.Fa command -is not supported for this digest method. -See -.Xr EVP_MD_CTX_ctrl 3 -for the available -.Fa command -arguments. -.Sh RETURN VALUES -.Fn EVP_MD_meth_new -and -.Fn EVP_MD_meth_dup -return a pointer to a newly created -.Vt EVP_MD , -or NULL on failure. -All -.Fn EVP_MD_meth_set_* -functions return 1. -.Sh SEE ALSO -.Xr EVP_DigestInit 3 , -.Xr EVP_SignInit 3 , -.Xr EVP_VerifyInit 3 -.Sh HISTORY -All these functions -first appeared in OpenSSL 1.1.0 and have been available since -.Ox 7.1 . diff --git a/lib/libcrypto/man/EVP_MD_nid.3 b/lib/libcrypto/man/EVP_MD_nid.3 index acc0c704f..15806091d 100644 --- a/lib/libcrypto/man/EVP_MD_nid.3 +++ b/lib/libcrypto/man/EVP_MD_nid.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: EVP_MD_nid.3,v 1.3 2023/09/07 16:32:41 schwarze Exp $ +.\" $OpenBSD: EVP_MD_nid.3,v 1.4 2024/03/05 17:21:40 tb Exp $ .\" full merge up to: OpenSSL man3/EVP_DigestInit.pod .\" 24a535ea Sep 22 13:14:20 2020 +0100 .\" @@ -68,7 +68,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: September 7 2023 $ +.Dd $Mdocdate: March 5 2024 $ .Dt EVP_MD_NID 3 .Os .Sh NAME 
@@ -170,12 +170,56 @@ is configured to use. .Fn EVP_MD_flags returns the message digest flags used by .Fa md . -The meaning of the flags is described in the -.Xr EVP_MD_meth_set_flags 3 -manual page. Be careful to not confuse these flags with the unrelated message digest context flags that can be inspected with .Xr EVP_MD_CTX_test_flags 3 . +The available flags are: +.Bl -tag -width Ds +.It Dv EVP_MD_FLAG_DIGALGID_NULL +The parameters in a +.Vt DigestAlgorithmIdentifier +are encoded using an explicit ASN.1 +.Dv NULL +rather than omitting them. +This is the default, which means that it takes effect for +.Vt EVP_MD +objects that do not have +.Dv EVP_MD_FLAG_DIGALGID_ABSENT +set. +.It Dv EVP_MD_FLAG_DIGALGID_ABSENT +The parameters in a +.Vt DigestAlgorithmIdentifier +are omitted from the ASN.1 encoding. +This is used by the +.Vt EVP_MD +objects documented in the manual page +.Xr EVP_sha3_224 3 +and by the objects returned from +.Xr EVP_sha512 3 , +.Xr EVP_sha512_256 3 , +.Xr EVP_sha512_224 3 , +.Xr EVP_sha384 3 , +.Xr EVP_sha256 3 , +.Xr EVP_sha224 3 , +.Xr EVP_sha1 3 , +and +.Xr EVP_sm3 3 . +.It Dv EVP_MD_FLAG_DIGALGID_CUSTOM +This flag is reserved for user-defined +.Vt EVP_MD +objects supporting custom +.Vt DigestAlgorithmIdentifier +handling via +.Xr EVP_MD_CTX_ctrl 3 , +but actually, it is ignored by both LibreSSL and OpenSSL +and such user-defined behaviour is not supported by the libraries. +.It Dv EVP_MD_FLAG_FIPS +Mark the digest method as suitable for FIPS mode. +This flag is ignored by both LibreSSL and OpenSSL. +.It Dv EVP_MD_FLAG_ONESHOT +Intended to indicate that the digest method can only handle one block +of input, but actually, this flag is ignored by both LibreSSL and OpenSSL. +.El .Pp .Fn EVP_MD_pkey_type returns the NID of the public key signing algorithm associated with this 
@@ -224,6 +268,12 @@ return the digest or block size in bytes. .Xr EVP_DigestInit 3 , .Xr EVP_MD_CTX_ctrl 3 , .Xr OBJ_nid2obj 3 +.Sh STANDARDS +RFC 5754: Using SHA2 Algorithms with Cryptographic Message Syntax +.Bl -dash -compact -offset indent +.It +section 2: Message Digest Algorithms +.El .Sh HISTORY .Fn EVP_MD_size first appeared in SSLeay 0.6.6, diff --git a/lib/libcrypto/man/EVP_sha1.3 b/lib/libcrypto/man/EVP_sha1.3 index 43898a5f6..b28c9f54c 100644 --- a/lib/libcrypto/man/EVP_sha1.3 +++ b/lib/libcrypto/man/EVP_sha1.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: EVP_sha1.3,v 1.1 2023/08/27 15:33:08 schwarze Exp $ +.\" $OpenBSD: EVP_sha1.3,v 1.2 2024/03/05 17:21:40 tb Exp $ .\" .\" Copyright (c) 2023 Ingo Schwarze .\" @@ -14,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: August 27 2023 $ +.Dd $Mdocdate: March 5 2024 $ .Dt EVP_SHA1 3 .Os .Sh NAME @@ -67,8 +67,7 @@ These functions return pointers to static objects implementing the hash functions. .Sh SEE ALSO .Xr evp 3 , -.Xr EVP_DigestInit 3 , -.Xr EVP_MD_meth_new 3 +.Xr EVP_DigestInit 3 .Sh STANDARDS .Rs .%A T. Polk diff --git a/lib/libcrypto/man/EVP_sha3_224.3 b/lib/libcrypto/man/EVP_sha3_224.3 index bd9138c3f..3c21ae1a0 100644 --- a/lib/libcrypto/man/EVP_sha3_224.3 +++ b/lib/libcrypto/man/EVP_sha3_224.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: EVP_sha3_224.3,v 1.2 2023/08/15 11:54:38 schwarze Exp $ +.\" $OpenBSD: EVP_sha3_224.3,v 1.3 2024/03/05 17:21:40 tb Exp $ .\" selective merge up to: OpenSSL bbda8ce9 Oct 31 15:43:01 2017 +0800 .\" .\" This file was written by Ronald Tse . @@ -48,7 +48,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: August 15 2023 $ +.Dd $Mdocdate: March 5 2024 $ .Dt EVP_SHA3_224 3 .Os .Sh NAME 
@@ -86,7 +86,6 @@ These functions return pointers to static objects implementing the hash functions. .Sh SEE ALSO .Xr evp 3 , -.Xr EVP_DigestInit 3 , -.Xr EVP_MD_meth_new 3 +.Xr EVP_DigestInit 3 .Sh STANDARDS NIST FIPS 202 diff --git a/lib/libcrypto/man/Makefile b/lib/libcrypto/man/Makefile index 56dc62e81..565f58312 100644 --- a/lib/libcrypto/man/Makefile +++ b/lib/libcrypto/man/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.283 2024/03/04 19:04:47 tb Exp $ +# $OpenBSD: Makefile,v 1.284 2024/03/05 17:21:40 tb Exp $ .include @@ -170,7 +170,6 @@ MAN= \ EVP_EncodeInit.3 \ EVP_EncryptInit.3 \ EVP_MD_CTX_ctrl.3 \ - EVP_MD_meth_new.3 \ EVP_MD_nid.3 \ EVP_OpenInit.3 \ EVP_PKCS82PKEY.3 \ diff --git a/lib/libcrypto/man/evp.3 b/lib/libcrypto/man/evp.3 index f8b621434..ece3bfe7f 100644 --- a/lib/libcrypto/man/evp.3 +++ b/lib/libcrypto/man/evp.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: evp.3,v 1.27 2024/03/04 19:04:47 tb Exp $ +.\" $OpenBSD: evp.3,v 1.28 2024/03/05 17:21:40 tb Exp $ .\" full merge up to: OpenSSL man7/evp 24a535ea Sep 22 13:14:20 2020 +0100 .\" .\" This file was written by Ulf Moeller , @@ -51,7 +51,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: March 4 2024 $ +.Dd $Mdocdate: March 5 2024 $ .Dt EVP 3 .Os .Sh NAME @@ -186,7 +186,6 @@ family of functions provides base64 encoding and decoding. .Xr EVP_EncodeInit 3 , .Xr EVP_EncryptInit 3 , .Xr EVP_MD_CTX_ctrl 3 , -.Xr EVP_MD_meth_new 3 , .Xr EVP_MD_nid 3 , .Xr EVP_OpenInit 3 , .Xr EVP_PKCS82PKEY 3 , diff --git a/regress/libexec/ftpd/Makefile b/regress/libexec/ftpd/Makefile index fe6bfdc62..35ccfc748 100644 --- a/regress/libexec/ftpd/Makefile +++ b/regress/libexec/ftpd/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.11 2021/05/09 14:26:45 jan Exp $ +# $OpenBSD: Makefile,v 1.12 2024/03/05 07:01:40 anton Exp $ .PHONY: setup-ftpd 
@@ -41,6 +41,7 @@ regress: setup-ftpd: ${SUDO} pkill tcpserver || true ${SUDO} pkill ftpd || true + nc 127.0.0.1 21 >/dev/null 2>&1 || true # start ftpd ${SUDO} ${TCPSERVER} 127.0.0.1 21 ${KTRACE} ${FTPD} -A & \ timeout=$$(($$(date +%s) + 5)); \ diff --git a/sys/net/if_wg.c b/sys/net/if_wg.c index e0a558303..8d26905c3 100644 --- a/sys/net/if_wg.c +++ b/sys/net/if_wg.c @@ -1,4 +1,4 @@ -/* $OpenBSD: if_wg.c,v 1.36 2024/01/18 08:46:41 mvs Exp $ */ +/* $OpenBSD: if_wg.c,v 1.37 2024/03/05 17:48:01 mvs Exp $ */ /* * Copyright (C) 2015-2020 Jason A. Donenfeld . All Rights Reserved. @@ -150,8 +150,8 @@ struct wg_index { }; struct wg_timers { - /* t_lock is for blocking wg_timers_event_* when setting t_disabled. */ - struct rwlock t_lock; + /* t_mtx is for blocking wg_timers_event_* when setting t_disabled. */ + struct mutex t_mtx; int t_disabled; int t_need_another_keepalive; @@ -930,7 +930,7 @@ void wg_timers_init(struct wg_timers *t) { bzero(t, sizeof(*t)); - rw_init(&t->t_lock, "wg_timers"); + mtx_init_flags(&t->t_mtx, IPL_NET, "wg_timers", 0); mtx_init(&t->t_handshake_mtx, IPL_NET); timeout_set(&t->t_new_handshake, wg_timers_run_new_handshake, t); @@ -945,19 +945,19 @@ wg_timers_init(struct wg_timers *t) void wg_timers_enable(struct wg_timers *t) { - rw_enter_write(&t->t_lock); + mtx_enter(&t->t_mtx); t->t_disabled = 0; - rw_exit_write(&t->t_lock); + mtx_leave(&t->t_mtx); wg_timers_run_persistent_keepalive(t); } void wg_timers_disable(struct wg_timers *t) { - rw_enter_write(&t->t_lock); + mtx_enter(&t->t_mtx); t->t_disabled = 1; t->t_need_another_keepalive = 0; - rw_exit_write(&t->t_lock); + mtx_leave(&t->t_mtx); timeout_del_barrier(&t->t_new_handshake); timeout_del_barrier(&t->t_send_keepalive); 
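Review bot: The added `nc 127.0.0.1 21 >/dev/null 2>&1 || true` in setup-ftpd has no timeout and no comment saying why a connection to port 21 is made between the pkill calls and the tcpserver start. If something is still accepting on 127.0.0.1:21 at that point, nc inherits make's stdin and can sit on the open connection, stalling the regress run. `nc -w 1 127.0.0.1 21 </dev/null >/dev/null 2>&1 || true` bounds that. A one-line comment above it should state the intent, which looks like flushing a leftover listener, though the author should confirm.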
@@ -969,12 +969,12 @@ wg_timers_disable(struct wg_timers *t) void wg_timers_set_persistent_keepalive(struct wg_timers *t, uint16_t interval) { - rw_enter_read(&t->t_lock); + mtx_enter(&t->t_mtx); if (!t->t_disabled) { t->t_persistent_keepalive_interval = interval; wg_timers_run_persistent_keepalive(t); } - rw_exit_read(&t->t_lock); + mtx_leave(&t->t_mtx); } int @@ -1020,16 +1020,16 @@ wg_timers_event_data_sent(struct wg_timers *t) int msecs = NEW_HANDSHAKE_TIMEOUT * 1000; msecs += arc4random_uniform(REKEY_TIMEOUT_JITTER); - rw_enter_read(&t->t_lock); + mtx_enter(&t->t_mtx); if (!t->t_disabled && !timeout_pending(&t->t_new_handshake)) timeout_add_msec(&t->t_new_handshake, msecs); - rw_exit_read(&t->t_lock); + mtx_leave(&t->t_mtx); } void wg_timers_event_data_received(struct wg_timers *t) { - rw_enter_read(&t->t_lock); + mtx_enter(&t->t_mtx); if (!t->t_disabled) { if (!timeout_pending(&t->t_send_keepalive)) timeout_add_sec(&t->t_send_keepalive, @@ -1037,7 +1037,7 @@ wg_timers_event_data_received(struct wg_timers *t) else t->t_need_another_keepalive = 1; } - rw_exit_read(&t->t_lock); + mtx_leave(&t->t_mtx); } void @@ -1055,11 +1055,11 @@ wg_timers_event_any_authenticated_packet_received(struct wg_timers *t) void wg_timers_event_any_authenticated_packet_traversal(struct wg_timers *t) { - rw_enter_read(&t->t_lock); + mtx_enter(&t->t_mtx); if (!t->t_disabled && t->t_persistent_keepalive_interval > 0) timeout_add_sec(&t->t_persistent_keepalive, t->t_persistent_keepalive_interval); - rw_exit_read(&t->t_lock); + mtx_leave(&t->t_mtx); } void @@ -1068,10 +1068,10 @@ wg_timers_event_handshake_initiated(struct wg_timers *t) int msecs = REKEY_TIMEOUT * 1000; msecs += arc4random_uniform(REKEY_TIMEOUT_JITTER); - rw_enter_read(&t->t_lock); + mtx_enter(&t->t_mtx); if (!t->t_disabled) timeout_add_msec(&t->t_retry_handshake, msecs); - rw_exit_read(&t->t_lock); + mtx_leave(&t->t_mtx); } void 
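Review bot: wg_timers_set_persistent_keepalive() now calls wg_timers_run_persistent_keepalive(t) with the IPL_NET mutex t_mtx held, whereas wg_timers_enable() in the previous hunk calls the same function after mtx_leave(). Under the old read lock the callee was allowed to sleep; under a mutex it must not sleep and must never take t_mtx itself. The callee bodies are outside this diff, so this needs confirming for wg_timers_run_persistent_keepalive(). The same applies to wg_timers_run_send_keepalive() and wg_timers_run_send_initiation(), which the later hunks call under t_mtx from wg_timers_event_handshake_complete() and wg_timers_event_want_initiation(). I would record the contract next to the field, e.g. `/* t_mtx is held across wg_timers_run_*(); those must not sleep or take t_mtx. */`, and add `MUTEX_ASSERT_LOCKED(&t->t_mtx);` to any helper that is only ever entered locked.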
@@ -1085,7 +1085,7 @@ wg_timers_event_handshake_responded(struct wg_timers *t) void wg_timers_event_handshake_complete(struct wg_timers *t) { - rw_enter_read(&t->t_lock); + mtx_enter(&t->t_mtx); if (!t->t_disabled) { mtx_enter(&t->t_handshake_mtx); timeout_del(&t->t_retry_handshake); @@ -1094,25 +1094,25 @@ wg_timers_event_handshake_complete(struct wg_timers *t) mtx_leave(&t->t_handshake_mtx); wg_timers_run_send_keepalive(t); } - rw_exit_read(&t->t_lock); + mtx_leave(&t->t_mtx); } void wg_timers_event_session_derived(struct wg_timers *t) { - rw_enter_read(&t->t_lock); + mtx_enter(&t->t_mtx); if (!t->t_disabled) timeout_add_sec(&t->t_zero_key_material, REJECT_AFTER_TIME * 3); - rw_exit_read(&t->t_lock); + mtx_leave(&t->t_mtx); } void wg_timers_event_want_initiation(struct wg_timers *t) { - rw_enter_read(&t->t_lock); + mtx_enter(&t->t_mtx); if (!t->t_disabled) wg_timers_run_send_initiation(t, 0); - rw_exit_read(&t->t_lock); + mtx_leave(&t->t_mtx); } void diff --git a/sys/net/wg_noise.c b/sys/net/wg_noise.c index 2a1954d94..c4d64baee 100644 --- a/sys/net/wg_noise.c +++ b/sys/net/wg_noise.c @@ -1,4 +1,4 @@ -/* $OpenBSD: wg_noise.c,v 1.6 2023/02/03 18:31:17 miod Exp $ */ +/* $OpenBSD: wg_noise.c,v 1.7 2024/03/05 17:48:01 mvs Exp $ */ /* * Copyright (C) 2015-2020 Jason A. Donenfeld . All Rights Reserved. * Copyright (C) 2019-2020 Matt Dunwoodie @@ -20,6 +20,7 @@ #include #include #include +#include #include #include @@ -139,7 +140,7 @@ noise_remote_init(struct noise_remote *r, uint8_t public[NOISE_PUBLIC_KEY_LEN], bzero(r, sizeof(*r)); memcpy(r->r_public, public, NOISE_PUBLIC_KEY_LEN); rw_init(&r->r_handshake_lock, "noise_handshake"); - rw_init(&r->r_keypair_lock, "noise_keypair"); + mtx_init_flags(&r->r_keypair_mtx, IPL_NET, "noise_keypair", 0); SLIST_INSERT_HEAD(&r->r_unused_keypairs, &r->r_keypair[0], kp_entry); SLIST_INSERT_HEAD(&r->r_unused_keypairs, &r->r_keypair[1], kp_entry); 
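Review bot: wg_timers_event_handshake_complete() now takes t_handshake_mtx while already holding t_mtx, so the two IPL_NET mutexes have an implicit order that is not documented anywhere in the diff. The reverse nesting could not happen before, since a mutex holder cannot take an rwlock, but it is now possible to write and would deadlock. The other users of t_handshake_mtx are outside these hunks, so none of them should call a wg_timers_event_*() function while holding it. A comment in struct wg_timers such as `/* Lock order: t_mtx, then t_handshake_mtx. */` would pin this down.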
@@ -468,10 +469,10 @@ noise_remote_begin_session(struct noise_remote *r) kp.kp_remote_index = hs->hs_remote_index; getnanouptime(&kp.kp_birthdate); bzero(&kp.kp_ctr, sizeof(kp.kp_ctr)); - rw_init(&kp.kp_ctr.c_lock, "noise_counter"); + mtx_init_flags(&kp.kp_ctr.c_mtx, IPL_NET, "noise_counter", 0); /* Now we need to add_new_keypair */ - rw_enter_write(&r->r_keypair_lock); + mtx_enter(&r->r_keypair_mtx); next = r->r_next; current = r->r_current; previous = r->r_previous; @@ -497,7 +498,7 @@ noise_remote_begin_session(struct noise_remote *r) r->r_next = noise_remote_keypair_allocate(r); *r->r_next = kp; } - rw_exit_write(&r->r_keypair_lock); + mtx_leave(&r->r_keypair_mtx); explicit_bzero(&r->r_handshake, sizeof(r->r_handshake)); rw_exit_write(&r->r_handshake_lock); @@ -514,25 +515,25 @@ noise_remote_clear(struct noise_remote *r) explicit_bzero(&r->r_handshake, sizeof(r->r_handshake)); rw_exit_write(&r->r_handshake_lock); - rw_enter_write(&r->r_keypair_lock); + mtx_enter(&r->r_keypair_mtx); noise_remote_keypair_free(r, r->r_next); noise_remote_keypair_free(r, r->r_current); noise_remote_keypair_free(r, r->r_previous); r->r_next = NULL; r->r_current = NULL; r->r_previous = NULL; - rw_exit_write(&r->r_keypair_lock); + mtx_leave(&r->r_keypair_mtx); } void noise_remote_expire_current(struct noise_remote *r) { - rw_enter_write(&r->r_keypair_lock); + mtx_enter(&r->r_keypair_mtx); if (r->r_next != NULL) r->r_next->kp_valid = 0; if (r->r_current != NULL) r->r_current->kp_valid = 0; - rw_exit_write(&r->r_keypair_lock); + mtx_leave(&r->r_keypair_mtx); } int @@ -541,7 +542,7 @@ noise_remote_ready(struct noise_remote *r) struct noise_keypair *kp; int ret; - rw_enter_read(&r->r_keypair_lock); + mtx_enter(&r->r_keypair_mtx); /* kp_ctr isn't locked here, we're happy to accept a racy read. */ if ((kp = r->r_current) == NULL || !kp->kp_valid || 
@@ -551,7 +552,7 @@ noise_remote_ready(struct noise_remote *r) ret = EINVAL; else ret = 0; - rw_exit_read(&r->r_keypair_lock); + mtx_leave(&r->r_keypair_mtx); return ret; } @@ -562,7 +563,7 @@ noise_remote_encrypt(struct noise_remote *r, uint32_t *r_idx, uint64_t *nonce, struct noise_keypair *kp; int ret = EINVAL; - rw_enter_read(&r->r_keypair_lock); + mtx_enter(&r->r_keypair_mtx); if ((kp = r->r_current) == NULL) goto error; @@ -601,7 +602,7 @@ noise_remote_encrypt(struct noise_remote *r, uint32_t *r_idx, uint64_t *nonce, ret = 0; error: - rw_exit_read(&r->r_keypair_lock); + mtx_leave(&r->r_keypair_mtx); return ret; } @@ -616,7 +617,7 @@ noise_remote_decrypt(struct noise_remote *r, uint32_t r_idx, uint64_t nonce, * attempt the current keypair first as that is most likely. We also * want to make sure that the keypair is valid as it would be * catastrophic to decrypt against a zero'ed keypair. */ - rw_enter_read(&r->r_keypair_lock); + mtx_enter(&r->r_keypair_mtx); if (r->r_current != NULL && r->r_current->kp_local_index == r_idx) { kp = r->r_current; @@ -651,8 +652,6 @@ noise_remote_decrypt(struct noise_remote *r, uint32_t r_idx, uint64_t nonce, * we skip the REKEY_AFTER_TIME_RECV check. This is safe to do as a * data packet can't confirm a session that we are an INITIATOR of. */ if (kp == r->r_next) { - rw_exit_read(&r->r_keypair_lock); - rw_enter_write(&r->r_keypair_lock); if (kp == r->r_next && kp->kp_local_index == r_idx) { noise_remote_keypair_free(r, r->r_previous); r->r_previous = r->r_current; @@ -662,7 +661,6 @@ noise_remote_decrypt(struct noise_remote *r, uint32_t r_idx, uint64_t nonce, ret = ECONNRESET; goto error; } - rw_enter(&r->r_keypair_lock, RW_DOWNGRADE); } /* Similar to when we encrypt, we want to notify the caller when we @@ -680,7 +678,7 @@ noise_remote_decrypt(struct noise_remote *r, uint32_t r_idx, uint64_t nonce, ret = 0; error: - rw_exit(&r->r_keypair_lock); + mtx_leave(&r->r_keypair_mtx); return ret; } 
@@ -731,9 +729,9 @@ noise_counter_send(struct noise_counter *ctr) return atomic_inc_long_nv((u_long *)&ctr->c_send) - 1; #else uint64_t ret; - rw_enter_write(&ctr->c_lock); + mtx_enter(&ctr->c_mtx); ret = ctr->c_send++; - rw_exit_write(&ctr->c_lock); + mtx_leave(&ctr->c_mtx); return ret; #endif } @@ -745,7 +743,7 @@ noise_counter_recv(struct noise_counter *ctr, uint64_t recv) unsigned long bit; int ret = EEXIST; - rw_enter_write(&ctr->c_lock); + mtx_enter(&ctr->c_mtx); /* Check that the recv counter is valid */ if (ctr->c_recv >= REJECT_AFTER_MESSAGES || @@ -779,7 +777,7 @@ noise_counter_recv(struct noise_counter *ctr, uint64_t recv) ret = 0; error: - rw_exit_write(&ctr->c_lock); + mtx_leave(&ctr->c_mtx); return ret; } @@ -976,7 +974,7 @@ noise_timer_expired(struct timespec *birthdate, time_t sec, long nsec) #define T_LIM (COUNTER_WINDOW_SIZE + 1) #define T_INIT do { \ bzero(&ctr, sizeof(ctr)); \ - rw_init(&ctr.c_lock, "counter"); \ + mtx_init_flags(&ctr.c_mtx, IPL_NET, "counter", 0); \ } while (0) #define T(num, v, e) do { \ if (noise_counter_recv(&ctr, v) != e) { \ diff --git a/sys/net/wg_noise.h b/sys/net/wg_noise.h index 5bcc15673..5daedbc80 100644 --- a/sys/net/wg_noise.h +++ b/sys/net/wg_noise.h @@ -1,4 +1,4 @@ -/* $OpenBSD: wg_noise.h,v 1.2 2020/12/09 05:53:33 tb Exp $ */ +/* $OpenBSD: wg_noise.h,v 1.3 2024/03/05 17:48:01 mvs Exp $ */ /* * Copyright (C) 2015-2020 Jason A. Donenfeld . All Rights Reserved. * Copyright (C) 2019-2020 Matt Dunwoodie @@ -21,6 +21,7 @@ #include #include +#include #include #include @@ -71,7 +72,7 @@ struct noise_handshake { }; struct noise_counter { - struct rwlock c_lock; + struct mutex c_mtx; uint64_t c_send; uint64_t c_recv; unsigned long c_backtrack[COUNTER_NUM]; 
@@ -100,7 +101,7 @@ struct noise_remote { uint8_t r_timestamp[NOISE_TIMESTAMP_LEN]; struct timespec r_last_init; /* nanouptime */ - struct rwlock r_keypair_lock; + struct mutex r_keypair_mtx; SLIST_HEAD(,noise_keypair) r_unused_keypairs; struct noise_keypair *r_next, *r_current, *r_previous; struct noise_keypair r_keypair[3]; /* 3: next, current, previous. */ diff --git a/sys/netinet/ip_divert.c b/sys/netinet/ip_divert.c index 5e29884d3..68c24d1ed 100644 --- a/sys/netinet/ip_divert.c +++ b/sys/netinet/ip_divert.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_divert.c,v 1.94 2024/02/11 18:14:26 mvs Exp $ */ +/* $OpenBSD: ip_divert.c,v 1.95 2024/03/05 09:45:13 bluhm Exp $ */ /* * Copyright (c) 2009 Michele Marchetto @@ -100,21 +100,19 @@ divert_output(struct inpcb *inp, struct mbuf *m, struct mbuf *nam, if ((error = in_nam2sin(nam, &sin))) goto fail; - /* Do basic sanity checks. */ - if (m->m_pkthdr.len < sizeof(struct ip)) + if (m->m_pkthdr.len > IP_MAXPACKET) { + error = EMSGSIZE; goto fail; - if ((m = m_pullup(m, sizeof(struct ip))) == NULL) { - /* m_pullup() has freed the mbuf, so just return. */ - divstat_inc(divs_errors); - return (ENOBUFS); } + + m = rip_chkhdr(m, NULL); + if (m == NULL) { + error = EINVAL; + goto fail; + } + ip = mtod(m, struct ip *); - if (ip->ip_v != IPVERSION) - goto fail; off = ip->ip_hl << 2; - if (off < sizeof(struct ip) || ntohs(ip->ip_len) < off || - m->m_pkthdr.len < ntohs(ip->ip_len)) - goto fail; dir = (sin->sin_addr.s_addr == INADDR_ANY ? PF_OUT : PF_IN); @@ -135,8 +133,10 @@ divert_output(struct inpcb *inp, struct mbuf *m, struct mbuf *nam, min_hdrlen = 0; break; } - if (min_hdrlen && m->m_pkthdr.len < off + min_hdrlen) + if (min_hdrlen && m->m_pkthdr.len < off + min_hdrlen) { + error = EINVAL; goto fail; + } m->m_pkthdr.pf.flags |= PF_TAG_DIVERTED_PACKET; 
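Review bot: divert_output() now reads `ip->ip_hl` right after `rip_chkhdr(m, NULL)`, so the removed `ip->ip_v != IPVERSION`, header-length and `ip_len` checks are only still enforced if rip_chkhdr() performs each of them. Its body is not part of this diff (only the prototype moves to ip_var.h), so this is worth confirming, the version check in particular, since this path takes a packet supplied through the divert socket. The NULL branch also does `goto fail`, which reaches `m_freem(m)` with m == NULL. That relies on rip_chkhdr() having released the mbuf and on m_freem() accepting NULL, and a comment such as `/* rip_chkhdr() freed m on failure; m_freem(NULL) at fail: is a no-op */` would make the ownership explicit. Note also that an m_pullup() failure, which used to return ENOBUFS, would now surface as EINVAL.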
@@ -181,7 +181,7 @@ divert_output(struct inpcb *inp, struct mbuf *m, struct mbuf *nam, fail: m_freem(m); divstat_inc(divs_errors); - return (error ? error : EINVAL); + return (error); } void diff --git a/sys/netinet/ip_var.h b/sys/netinet/ip_var.h index b0e6ba891..2c0d45379 100644 --- a/sys/netinet/ip_var.h +++ b/sys/netinet/ip_var.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_var.h,v 1.113 2024/02/13 12:22:09 bluhm Exp $ */ +/* $OpenBSD: ip_var.h,v 1.114 2024/03/05 09:45:13 bluhm Exp $ */ /* $NetBSD: ip_var.h,v 1.16 1996/02/13 23:43:20 christos Exp $ */ /* @@ -261,6 +261,8 @@ void rip_init(void); int rip_input(struct mbuf **, int *, int, int); int rip_output(struct mbuf *, struct socket *, struct sockaddr *, struct mbuf *); +struct mbuf * + rip_chkhdr(struct mbuf *, struct mbuf *); int rip_attach(struct socket *, int, int); int rip_detach(struct socket *); void rip_lock(struct socket *); diff --git a/sys/netinet/raw_ip.c b/sys/netinet/raw_ip.c index fb19c839a..219e2898f 100644 --- a/sys/netinet/raw_ip.c +++ b/sys/netinet/raw_ip.c @@ -1,4 +1,4 @@ -/* $OpenBSD: raw_ip.c,v 1.156 2024/02/11 18:14:26 mvs Exp $ */ +/* $OpenBSD: raw_ip.c,v 1.157 2024/03/05 09:45:13 bluhm Exp $ */ /* $NetBSD: raw_ip.c,v 1.25 1996/02/18 18:58:33 christos Exp $ */ /* @@ -128,8 +128,6 @@ rip_init(void) in_pcbinit(&rawcbtable, 1); } -struct mbuf *rip_chkhdr(struct mbuf *, struct mbuf *); - int rip_input(struct mbuf **mp, int *offp, int proto, int af) { diff --git a/usr.bin/whois/whois.1 b/usr.bin/whois/whois.1 index 89898f5ca..7477324bb 100644 --- a/usr.bin/whois/whois.1 +++ b/usr.bin/whois/whois.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: whois.1,v 1.38 2023/08/21 11:12:28 jsg Exp $ +.\" $OpenBSD: whois.1,v 1.39 2024/03/05 16:06:32 millert Exp $ .\" $NetBSD: whois.1,v 1.5 1995/08/31 21:51:32 jtc Exp $ .\" .\" Copyright (c) 1985, 1990, 1993 @@ -30,7 +30,7 @@ .\" .\" @(#)whois.1 8.2 (Berkeley) 6/20/94 .\" -.Dd $Mdocdate: August 21 2023 $ +.Dd $Mdocdate: March 5 2024 $ .Dt WHOIS 1 .Os .Sh NAME 
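Review bot: With the `EINVAL` fallback removed from `return (error);` at the `fail:` label in divert_output(), any `goto fail` reached while `error` is still 0 frees the mbuf, increments `divs_errors` and still reports success to the caller. The jumps visible in this patch all set `error` first, but the part of the function between the hunks is not shown, so each remaining `goto fail` there should be checked. A cheap guard is `KASSERT(error != 0);` just before the return, or a comment at the label stating the invariant: `/* every path to fail: must set error */`.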
@@ -130,37 +130,26 @@ Use the Internet Assigned Numbers Authority root zone database. It contains information about top-level domains. .It Fl i -Use the Network Solutions Registry for Internet Numbers -.Pq Tn whois.networksolutions.com +Use the traditional Network Information Center (InterNIC) +.Pq Tn whois.internic.net database. -Historically, it contained network numbers and domain contact information -for most of +This now contains only registrations for domain names under .Tn \&.COM , .Tn \&.NET , .Tn \&.ORG and -.Tn \&.EDU -domains. -However, the registration of these domains is now done by a number of -independent and competing registrars and this database holds no information -on the domains registered by organizations other than Network Solutions, Inc. -Also, note that the -.Tn InterNIC -database -.Pq Pa whois.internic.net -is no longer handled by Network Solutions, Inc. -For details, see -.Lk https://www.internic.net/ . -.Pp -(Hint: Contact information, identified by the term -.Em handle , -can be looked up by prefixing -.Qq Li \&! -or -.Qq Li handle\ \& -to the -.Tn NIC -handle in the query.) +.Tn \&.EDU . +You can optionally specify the type of object to search for: +.D1 Ic whois -i ' Ns Ar type Ar name Ns Ic ' +where +.Ar type +is one of +.Em domain , nameserver , registrar . +The +.Ar name +may also contain +.Li * +wildcards. .It Fl l Use the Latin American and Caribbean IP address Regional Registry .Pq Tn LACNIC diff --git a/usr.bin/whois/whois.c b/usr.bin/whois/whois.c index 13df7a7b9..7f922488c 100644 --- a/usr.bin/whois/whois.c +++ b/usr.bin/whois/whois.c @@ -1,4 +1,4 @@ -/* $OpenBSD: whois.c,v 1.58 2018/06/19 11:28:11 jca Exp $ */ +/* $OpenBSD: whois.c,v 1.59 2024/03/05 16:06:32 millert Exp $ */ /* * Copyright (c) 1980, 1993 
@@ -45,7 +45,7 @@ #include #define NICHOST "whois.crsnic.net" -#define INICHOST "whois.networksolutions.com" +#define INICHOST "whois.internic.net" #define CNICHOST "whois.corenic.net" #define DNICHOST "whois.nic.mil" #define GNICHOST "whois.nic.gov"