diff --git a/distrib/sets/lists/comp/mi b/distrib/sets/lists/comp/mi index 33a646b16..e075fb6f2 100644 --- a/distrib/sets/lists/comp/mi +++ b/distrib/sets/lists/comp/mi @@ -1911,6 +1911,7 @@ ./usr/share/man/man3/EVP_BytesToKey.3 ./usr/share/man/man3/EVP_CIPHER_CTX_ctrl.3 ./usr/share/man/man3/EVP_CIPHER_CTX_get_cipher_data.3 +./usr/share/man/man3/EVP_CIPHER_CTX_init.3 ./usr/share/man/man3/EVP_CIPHER_CTX_set_flags.3 ./usr/share/man/man3/EVP_CIPHER_do_all.3 ./usr/share/man/man3/EVP_CIPHER_meth_new.3 diff --git a/lib/libcrypto/evp/evp_enc.c b/lib/libcrypto/evp/evp_enc.c index 0867070a7..04aa8f57a 100644 --- a/lib/libcrypto/evp/evp_enc.c +++ b/lib/libcrypto/evp/evp_enc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: evp_enc.c,v 1.56 2023/11/29 21:35:57 tb Exp $ */ +/* $OpenBSD: evp_enc.c,v 1.57 2023/12/01 06:53:18 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -198,8 +198,8 @@ EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, { if (ctx->encrypt) return EVP_EncryptUpdate(ctx, out, outl, in, inl); - else - return EVP_DecryptUpdate(ctx, out, outl, in, inl); + + return EVP_DecryptUpdate(ctx, out, outl, in, inl); } int @@ -207,8 +207,8 @@ EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) { if (ctx->encrypt) return EVP_EncryptFinal_ex(ctx, out, outl); - else - return EVP_DecryptFinal_ex(ctx, out, outl); + + return EVP_DecryptFinal_ex(ctx, out, outl); } __warn_references(EVP_CipherFinal, @@ -217,12 +217,10 @@ __warn_references(EVP_CipherFinal, int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) { - int ret; if (ctx->encrypt) - ret = EVP_EncryptFinal_ex(ctx, out, outl); - else - ret = EVP_DecryptFinal_ex(ctx, out, outl); - return ret; + return EVP_EncryptFinal_ex(ctx, out, outl); + + return EVP_DecryptFinal_ex(ctx, out, outl); } int 
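Review bot: After the hunk at -217,12 the body of `EVP_CipherFinal` is identical to the body of `EVP_CipherFinal_ex` in the hunk just before it, so the dispatch on `ctx->encrypt` is now written twice. The later hunks in this file reduce `EVP_EncryptFinal` and `EVP_DecryptFinal` to a single call of their `_ex` counterpart. Doing the same here with `return EVP_CipherFinal_ex(ctx, out, outl);` would keep the encrypt/decrypt decision in one place and match those wrappers. The `__warn_references(EVP_CipherFinal, ...)` statement above the function starts outside the hunk.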
@@ -341,10 +339,7 @@ __warn_references(EVP_EncryptFinal, int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) { - int ret; - - ret = EVP_EncryptFinal_ex(ctx, out, outl); - return ret; + return EVP_EncryptFinal_ex(ctx, out, outl); } int @@ -469,10 +464,7 @@ __warn_references(EVP_DecryptFinal, int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) { - int ret; - - ret = EVP_DecryptFinal_ex(ctx, out, outl); - return ret; + return EVP_DecryptFinal_ex(ctx, out, outl); } int diff --git a/lib/libcrypto/man/EVP_CIPHER_CTX_init.3 b/lib/libcrypto/man/EVP_CIPHER_CTX_init.3 new file mode 100644 index 000000000..3bb40018f --- /dev/null +++ b/lib/libcrypto/man/EVP_CIPHER_CTX_init.3 
@@ -0,0 +1,150 @@ +.\" $OpenBSD: EVP_CIPHER_CTX_init.3,v 1.1 2023/12/01 10:40:21 schwarze Exp $ +.\" full merge up to: +.\" OpenSSL EVP_EncryptInit.pod 0874d7f2 Oct 11 13:13:47 2022 +0100 +.\" +.\" This file is a derived work. +.\" The changes are covered by the following Copyright and license: +.\" +.\" Copyright (c) 2018, 2019 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.\" The original file was written by Dr. Stephen Henson +.\" and Richard Levitte . +.\" Copyright (c) 2000-2001, 2015 The OpenSSL Project. +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. 
All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. 
+.\"
+.Dd $Mdocdate: December 1 2023 $
+.Dt EVP_CIPHER_CTX_INIT 3
+.Os
+.Sh NAME
+.Nm EVP_CIPHER_CTX_init ,
+.Nm EVP_CIPHER_CTX_cleanup ,
+.Nm EVP_Cipher
+.Nd obsolete EVP cipher functions
+.Sh SYNOPSIS
+.In openssl/evp.h
+.Ft void
+.Fo EVP_CIPHER_CTX_init
+.Fa "EVP_CIPHER_CTX *ctx"
+.Fc
+.Ft int
+.Fo EVP_CIPHER_CTX_cleanup
+.Fa "EVP_CIPHER_CTX *ctx"
+.Fc
+.Ft int
+.Fo EVP_Cipher
+.Fa "EVP_CIPHER_CTX *ctx"
+.Fa "unsigned char *out"
+.Fa "const unsigned char *in"
+.Fa "unsigned int inl"
+.Fc
+.Sh DESCRIPTION
+.Fn EVP_CIPHER_CTX_init
+is a deprecated function to clear a cipher context on the stack
+before use.
+Do not use it on a cipher context returned from
+.Xr EVP_CIPHER_CTX_new 3
+or one that was already used.
+.Pp
+.Fn EVP_CIPHER_CTX_cleanup
+is a deprecated alias for
+.Xr EVP_CIPHER_CTX_reset 3 .
+It clears all information from
+.Fa ctx
+and frees all allocated memory associated with it, except the
+.Fa ctx
+object itself.
+.Pp
+.Fn EVP_Cipher
+encrypts or decrypts aligned blocks of data
+whose lengths match the cipher block size.
+It requires that the previous encryption or decryption operation
+using the same
+.Fa ctx ,
+if there was any, ended exactly on a block boundary and that
+.Fa inl
+is an integer multiple of the cipher block size.
+If either of these conditions is violated,
+.Fn EVP_Cipher
+silently produces incorrect results.
+For that reason, using the function
+.Xr EVP_CipherUpdate 3
+instead is strongly recommended.
+The latter can safely handle partial blocks, and even if
+.Fa inl
+actually is a multiple of the cipher block size for all calls,
+the overhead incurred by using
+.Xr EVP_CipherUpdate 3
+is minimal.
+.Sh RETURN VALUES
+.Fn EVP_CIPHER_CTX_cleanup
+and
+.Fn EVP_Cipher
+return 1 for success or 0 for failure.
+.Sh SEE ALSO
+.Xr evp 3 ,
+.Xr EVP_EncryptInit 3
+.Sh HISTORY
+.Fn EVP_Cipher
+first appeared in SSLeay 0.6.5.
+.Fn EVP_CIPHER_CTX_cleanup
+first appeared in SSLeay 0.8.0.
+.Fn EVP_CIPHER_CTX_init
+first appeared in SSLeay 0.9.0.
+All these functions have been available since +.Ox 2.4 . diff --git a/lib/libcrypto/man/EVP_EncryptInit.3 b/lib/libcrypto/man/EVP_EncryptInit.3 index ddec4e7e7..7deabe92c 100644 --- a/lib/libcrypto/man/EVP_EncryptInit.3 +++ b/lib/libcrypto/man/EVP_EncryptInit.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: EVP_EncryptInit.3,v 1.48 2023/08/31 17:27:41 schwarze Exp $ +.\" $OpenBSD: EVP_EncryptInit.3,v 1.50 2023/12/01 13:43:37 schwarze Exp $ .\" full merge up to: OpenSSL 5211e094 Nov 11 14:39:11 2014 -0800 .\" EVP_bf_cbc.pod EVP_cast5_cbc.pod EVP_idea_cbc.pod EVP_rc2_cbc.pod .\" 7c6d372a Nov 20 13:20:01 2018 +0000 @@ -69,14 +69,12 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: August 31 2023 $ +.Dd $Mdocdate: December 1 2023 $ .Dt EVP_ENCRYPTINIT 3 .Os .Sh NAME .Nm EVP_CIPHER_CTX_new , .Nm EVP_CIPHER_CTX_reset , -.Nm EVP_CIPHER_CTX_cleanup , -.Nm EVP_CIPHER_CTX_init , .Nm EVP_CIPHER_CTX_free , .Nm EVP_CIPHER_CTX_copy , .Nm EVP_EncryptInit_ex , @@ -94,7 +92,6 @@ .Nm EVP_DecryptFinal , .Nm EVP_CipherInit , .Nm EVP_CipherFinal , -.Nm EVP_Cipher , .Nm EVP_CIPHER_CTX_encrypting , .Nm EVP_get_cipherbyname , .Nm EVP_get_cipherbynid , @@ -132,14 +129,6 @@ .Fo EVP_CIPHER_CTX_reset .Fa "EVP_CIPHER_CTX *ctx" .Fc -.Ft int -.Fo EVP_CIPHER_CTX_cleanup -.Fa "EVP_CIPHER_CTX *ctx" -.Fc -.Ft void -.Fo EVP_CIPHER_CTX_init -.Fa "EVP_CIPHER_CTX *ctx" -.Fc .Ft void .Fo EVP_CIPHER_CTX_free .Fa "EVP_CIPHER_CTX *ctx" @@ -257,13 +246,6 @@ .Fa "int *outl" .Fc .Ft int -.Fo EVP_Cipher -.Fa "EVP_CIPHER_CTX *ctx" -.Fa "unsigned char *out" -.Fa "const unsigned char *in" -.Fa "unsigned int inl" -.Fc -.Ft int .Fo EVP_CIPHER_CTX_encrypting .Fa "const EVP_CIPHER_CTX *ctx" .Fc 
@@ -300,16 +282,6 @@ object itself, such that it can be reused for another series of calls to .Fn EVP_CipherUpdate , and .Fn EVP_CipherFinal . -.Fn EVP_CIPHER_CTX_cleanup -is a deprecated alias for -.Fn EVP_CIPHER_CTX_reset . -.Pp -.Fn EVP_CIPHER_CTX_init -is a deprecated function to clear a cipher context on the stack -before use. -Do not use it on a cipher context returned from -.Fn EVP_CIPHER_CTX_new -or one that was already used. .Pp .Fn EVP_CIPHER_CTX_free clears all information from @@ -336,15 +308,13 @@ to .Fa out , except that the .Vt EVP_CIPHER -and -.Vt ENGINE -objects used by +object used by .Fa in and any application specific data set with .Xr EVP_CIPHER_CTX_set_app_data 3 are not copied and .Fa out -will point to the same three objects. +will point to the same two objects. The algorithm- and implementation-specific cipher data described in .Xr EVP_CIPHER_CTX_get_cipher_data 3 is copied with @@ -374,28 +344,27 @@ are used by some of the ciphers documented in the .Xr EVP_aes_256_gcm 3 manual page. .Pp +.Fn EVP_EncryptInit +and .Fn EVP_EncryptInit_ex -sets up the cipher context +set up the cipher context .Fa ctx for encryption with cipher -.Fa type -from -.Vt ENGINE -.Fa impl . +.Fa type . .Fa type is normally supplied by a function such as .Xr EVP_aes_256_cbc 3 . -If -.Fa impl -is -.Dv NULL , -then the default implementation is used. .Fa key is the symmetric key to use and .Fa iv is the IV to use (if necessary). The actual number of bytes used for the key and IV depends on the cipher. +The +.Fa ENGINE *impl +argument is always ignored and passing +.Dv NULL +is recommended. It is possible to set all parameters to .Dv NULL except 
@@ -425,8 +394,11 @@ The actual number of bytes written is placed in .Fa outl . .Pp If padding is enabled (the default) then -.Fn EVP_EncryptFinal_ex -encrypts the "final" data, that is any data that remains in a partial +.Fn EVP_EncryptFinal +and +.Fn EVP_EncryptFinal_ex , +which behave identically, +encrypt the "final" data, that is any data that remains in a partial block. It uses NOTES (aka PKCS padding). The encrypted final data is written to @@ -440,18 +412,24 @@ no further calls to should be made. .Pp If padding is disabled then +.Fn EVP_EncryptFinal +and .Fn EVP_EncryptFinal_ex -will not encrypt any more data and it will return an error if any data +do not encrypt any more data and return an error if any data remains in a partial block: that is if the total data length is not a multiple of the block size. .Pp +.Fn EVP_DecryptInit , .Fn EVP_DecryptInit_ex , .Fn EVP_DecryptUpdate , +.Fn EVP_DecryptFinal , and .Fn EVP_DecryptFinal_ex are the corresponding decryption operations. .Fn EVP_DecryptFinal -will return an error code if padding is enabled and the final block is +and +.Fn EVP_DecryptFinal_ex +return an error code if padding is enabled and the final block is not correctly formatted. The parameters and restrictions are identical to the encryption operations except that if padding is enabled the decrypted data buffer @@ -463,8 +441,10 @@ unless the cipher block size is 1 in which case .Fa inl bytes is sufficient. .Pp +.Fn EVP_CipherInit , .Fn EVP_CipherInit_ex , .Fn EVP_CipherUpdate , +.Fn EVP_CipherFinal , and .Fn EVP_CipherFinal_ex are functions that can be used for decryption or encryption. 
@@ -476,59 +456,6 @@ the value unchanged (the actual value of .Fa enc being supplied in a previous call). .Pp -.Fn EVP_EncryptInit , -.Fn EVP_DecryptInit , -and -.Fn EVP_CipherInit -are deprecated functions behaving like -.Fn EVP_EncryptInit_ex , -.Fn EVP_DecryptInit_ex , -and -.Fn EVP_CipherInit_ex -except that they always use the default cipher implementation -and that they require -.Fn EVP_CIPHER_CTX_reset -before they can be used on a context that was already used. -.Pp -.Fn EVP_EncryptFinal , -.Fn EVP_DecryptFinal , -and -.Fn EVP_CipherFinal -are identical to -.Fn EVP_EncryptFinal_ex , -.Fn EVP_DecryptFinal_ex , -and -.Fn EVP_CipherFinal_ex . -In previous releases of OpenSSL, they also used to clean up the -.Fa ctx , -but this is no longer done and -.Fn EVP_CIPHER_CTX_reset -or -.Fn EVP_CIPHER_CTX_free -must be called to free any context resources. -.Pp -.Fn EVP_Cipher -encrypts or decrypts aligned blocks of data -whose lengths match the cipher block size. -It requires that the previous encryption or decryption operation -using the same -.Fa ctx , -if there was any, ended exactly on a block boundary and that -.Fa inl -is an integer multiple of the cipher block size. -If either of these conditions is violated, -.Fn EVP_Cipher -silently produces incorrect results. -For that reason, using the function -.Fn EVP_CipherUpdate -instead is strongly recommended. -The latter can safely handle partial blocks, and even if -.Fa inl -actually is a multiple of the cipher block size for all calls, -the overhead incurred by using -.Fn EVP_CipherUpdate -is minimal. -.Pp .Fn EVP_get_cipherbyname , .Fn EVP_get_cipherbynid , and 
@@ -570,25 +497,6 @@ final decrypt error. If padding is disabled then the decryption operation will always succeed if the total amount of data decrypted is a multiple of the block size. .Pp -The functions -.Fn EVP_EncryptInit , -.Fn EVP_EncryptFinal , -.Fn EVP_DecryptInit , -.Fn EVP_CipherInit , -and -.Fn EVP_CipherFinal -are obsolete but are retained for compatibility with existing code. -New code should use -.Fn EVP_EncryptInit_ex , -.Fn EVP_EncryptFinal_ex , -.Fn EVP_DecryptInit_ex , -.Fn EVP_DecryptFinal_ex , -.Fn EVP_CipherInit_ex , -and -.Fn EVP_CipherFinal_ex -because they can reuse an existing context without allocating and -freeing it up on each call. -.Pp .Fn EVP_get_cipherbynid and .Fn EVP_get_cipherbyobj @@ -602,7 +510,6 @@ for success or for failure. .Pp .Fn EVP_CIPHER_CTX_reset , -.Fn EVP_CIPHER_CTX_cleanup , .Fn EVP_CIPHER_CTX_copy , .Fn EVP_EncryptInit_ex , .Fn EVP_EncryptUpdate , @@ -618,9 +525,8 @@ for failure. .Fn EVP_DecryptInit , .Fn EVP_DecryptFinal , .Fn EVP_CipherInit , -.Fn EVP_CipherFinal , and -.Fn EVP_Cipher +.Fn EVP_CipherFinal return 1 for success or 0 for failure. .Pp .Fn EVP_CIPHER_CTX_encrypting @@ -729,13 +635,17 @@ To specify any additional authenticated data (AAD), a call to .Fn EVP_EncryptUpdate , or .Fn EVP_DecryptUpdate -should be made with the output parameter out set to +should be made with the output parameter +.Fa out +set to .Dv NULL . .Pp When decrypting, the return value of -.Fn EVP_DecryptFinal +.Fn EVP_DecryptFinal , +.Fn EVP_DecryptFinal_ex , +.Fn EVP_CipherFinal , or -.Fn EVP_CipherFinal +.Fn EVP_CipherFinal_ex indicates if the operation was successful. If it does not indicate success, the authentication operation has failed and any output data MUST NOT be used as it is corrupted. 
@@ -754,6 +664,8 @@ bytes of the tag value to the buffer indicated by This call can only be made when encrypting data and after all data has been processed, e.g. after an .Fn EVP_EncryptFinal +or +.Fn EVP_EncryptFinal_ex call. .It Fn EVP_CIPHER_CTX_ctrl ctx EVP_CTRL_GCM_SET_TAG taglen tag Sets the expected tag to @@ -775,7 +687,9 @@ by calling .Fn EVP_EncryptUpdate , or .Fn EVP_DecryptUpdate -with the output parameter out set to +with the output parameter +.Fa out +set to .Dv NULL . Additionally, the total plaintext or ciphertext length MUST be passed to @@ -929,6 +843,7 @@ do_crypt(FILE *in, FILE *out, int do_encrypt) .Xr EVP_chacha20 3 , .Xr EVP_CIPHER_CTX_ctrl 3 , .Xr EVP_CIPHER_CTX_get_cipher_data 3 , +.Xr EVP_CIPHER_CTX_init 3 , .Xr EVP_CIPHER_CTX_set_flags 3 , .Xr EVP_CIPHER_nid 3 , .Xr EVP_des_cbc 3 , @@ -959,15 +874,12 @@ first appeared in SSLeay 0.5.1. and .Fn EVP_rc2_ofb first appeared in SSLeay 0.5.2. -.Fn EVP_Cipher -first appeared in SSLeay 0.6.5. .Fn EVP_bf_cbc , .Fn EVP_bf_ecb , .Fn EVP_bf_cfb , and .Fn EVP_bf_ofb first appeared in SSLeay 0.6.6. -.Fn EVP_CIPHER_CTX_cleanup , .Fn EVP_get_cipherbyobj , .Fn EVP_CIPHER_CTX_cipher , and @@ -975,8 +887,6 @@ and first appeared in SSLeay 0.8.0. .Fn EVP_get_cipherbynid first appeared in SSLeay 0.8.1. -.Fn EVP_CIPHER_CTX_init -first appeared in SSLeay 0.9.0. All these functions have been available since .Ox 2.4 . .Pp diff --git a/lib/libcrypto/man/Makefile b/lib/libcrypto/man/Makefile index 01be88116..a5cd8c53d 100644 --- a/lib/libcrypto/man/Makefile +++ b/lib/libcrypto/man/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.277 2023/11/19 10:36:14 tb Exp $ +# $OpenBSD: Makefile,v 1.278 2023/12/01 10:40:21 schwarze Exp $ .include @@ -158,6 +158,7 @@ MAN= \ EVP_BytesToKey.3 \ EVP_CIPHER_CTX_ctrl.3 \ EVP_CIPHER_CTX_get_cipher_data.3 \ + EVP_CIPHER_CTX_init.3 \ EVP_CIPHER_CTX_set_flags.3 \ EVP_CIPHER_do_all.3 \ EVP_CIPHER_meth_new.3 \ 
diff --git a/lib/libcrypto/man/evp.3 b/lib/libcrypto/man/evp.3 index 9ae301266..9ce7ac83a 100644 --- a/lib/libcrypto/man/evp.3 +++ b/lib/libcrypto/man/evp.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: evp.3,v 1.25 2023/11/19 10:25:28 tb Exp $ +.\" $OpenBSD: evp.3,v 1.26 2023/12/01 10:40:21 schwarze Exp $ .\" full merge up to: OpenSSL man7/evp 24a535ea Sep 22 13:14:20 2020 +0100 .\" .\" This file was written by Ulf Moeller , @@ -51,7 +51,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: November 19 2023 $ +.Dd $Mdocdate: December 1 2023 $ .Dt EVP 3 .Os .Sh NAME @@ -175,6 +175,7 @@ family of functions provides base64 encoding and decoding. .Xr EVP_chacha20 3 , .Xr EVP_CIPHER_CTX_ctrl 3 , .Xr EVP_CIPHER_CTX_get_cipher_data 3 , +.Xr EVP_CIPHER_CTX_init 3 , .Xr EVP_CIPHER_CTX_set_flags 3 , .Xr EVP_CIPHER_do_all 3 , .Xr EVP_CIPHER_meth_new 3 , diff --git a/regress/usr.sbin/relayd/args-http-chunked-invalid.pl b/regress/usr.sbin/relayd/args-http-chunked-invalid.pl new file mode 100644 index 000000000..ffe0751ab --- /dev/null +++ b/regress/usr.sbin/relayd/args-http-chunked-invalid.pl 
@@ -0,0 +1,52 @@
+# Test parsing of invalid chunk length values
+# We force multiple connections since relayd will abort the connection
+# when it encounters a bogus chunk size.
+#
+
+use strict;
+use warnings;
+
+my @lengths = (7, 6, 5, 4, 3, 2);
+my @chunks = ("0x4", "+3", "-0", "foo", "dead beef", "Ff0");
+our %args = (
+ client => {
+ func => sub {
+ my $self = shift;
+ my $chunk = shift(@chunks);
+ $self->{redo} = int(@chunks);
+ print <<"EOF";
+PUT /4/3 HTTP/1.1
+Host: foo.bar
+Transfer-Encoding: chunked
+
+$chunk
+
+EOF
+ foreach (@lengths) {
+ print STDERR "LEN: $_\n";
+ }
+ # relayd does not forward the first chunk if the second one
+ # is invalid. So do not expect any response.
+ #http_response($self, "without len");
+ },
+ http_vers => ["1.1"],
+ lengths => \@lengths,
+ method => "PUT",
+ },
+ relayd => {
+ protocol => [ "http",
+ "match request header log foo",
+ "match response header log bar",
+ ],
+ loggrep => {
+ qr/, invalid chunk size, PUT/ => 5,
+ },
+ },
+ server => {
+ func => \&http_server,
+ nocheck => 1,
+ },
+ lengths => \@lengths,
+);
+
+1;
diff --git a/regress/usr.sbin/relayd/args-http-contentlength-get.pl b/regress/usr.sbin/relayd/args-http-contentlength-get.pl
new file mode 100644
index 000000000..01dfa221d
--- /dev/null
+++ b/regress/usr.sbin/relayd/args-http-contentlength-get.pl
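Review bot: In args-http-chunked-invalid.pl the `loggrep` expects `invalid chunk size` 5 times while `@chunks` holds six values, and nothing in the file says why. Presumably the last entry, `Ff0`, is a valid mixed-case hex size kept as a control that must not be logged. A comment next to the list, for example `# "Ff0" is valid hex and must be accepted, hence 5 log matches for 6 values`, would stop a later edit from "correcting" the count or reordering the list. The in-function comment about "the first chunk" and "the second one" also does not match the request shown, which sends a single chunk-size line, so it is worth rewording.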
@@ -0,0 +1,50 @@
+# Test to verify that relayd strips Content-Length and body
+# from GET requests.
+
+use strict;
+use warnings;
+
+my $payload_len = 64;
+our %args = (
+ client => {
+ func => sub {
+ my $self = shift;
+ my @request_stream = split("\n", <<"EOF", -1);
+GET http://foo.bar/$payload_len HTTP/1.1
+Content-Length: $payload_len
+
+foo=bar
+
+EOF
+ pop @request_stream;
+ print map { "$_\r\n" } @request_stream;
+ print STDERR map { ">>> $_\n" } @request_stream;
+ $self->{method} = 'GET';
+ http_response($self, $payload_len);
+ },
+ loggrep => {
+ qr/Content-Length: $payload_len/ => 2,
+ qr/foo=bar/ => 1,
+ },
+ http_vers => ["1.1"],
+ nocheck => 1,
+ },
+ relayd => {
+ protocol => [ "http",
+ "match request path log \"*\"",
+ ],
+ loggrep => {
+ qr/, done, \[http:\/\/foo.bar\/$payload_len\] GET/ => 1,
+ },
+ },
+ server => {
+ func => \&http_server,
+ loggrep => {
+ qr/Content-Length: $payload_len/ => 1,
+ qr/foo=bar/ => 0,
+ },
+ nocheck => 1,
+ },
+);
+
+1;
diff --git a/regress/usr.sbin/relayd/args-http-contentlength-invalid.pl b/regress/usr.sbin/relayd/args-http-contentlength-invalid.pl
new file mode 100644
index 000000000..5b7ad2d9e
--- /dev/null
+++ b/regress/usr.sbin/relayd/args-http-contentlength-invalid.pl
@@ -0,0 +1,40 @@
+# Test that relayd aborts the connection if Content-Length is invalid
+# We test "+0" because it is accepted by strtol(), sscanf(), etc
+# but is not legal according to the RFC.
+
+use strict;
+use warnings;
+
+our %args = (
+ client => {
+ func => sub {
+ my $self = shift;
+ print <<"EOF";
+PUT /1 HTTP/1.1
+Host: www.foo.com
+Content-Length: +0
+
+EOF
+ # no http_response($self, 1);
+ },
+ http_vers => ["1.1"],
+ nocheck => 1,
+ method => "PUT",
+ },
+ relayd => {
+ protocol => [ "http",
+ "match request header log Host",
+ ],
+ loggrep => {
+ qr/, invalid$/ => 1,
+ qr/\[Host: www.foo.com\] PUT/ => 0,
+ },
+ },
+ server => {
+ func => \&http_server,
+ nocheck => 1,
+ noserver => 1,
+ }
+);
+
+1;
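Review bot: In args-http-contentlength-get.pl the server-side assertion `qr/Content-Length: $payload_len/ => 1` is ambiguous, because the request header and the response length requested through the path both use `$payload_len`. Presumably the single expected match is the server's own response header, but a run where relayd forwarded the request header and the response header went unlogged would produce the same count. Giving the request header its own value, say a separate `$request_len`, and asserting `qr/Content-Length: $request_len/ => 0` on the server would test the stripping directly. The `foo=bar => 0` check already does this for the body.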
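Review bot: args-http-contentlength-invalid.pl sends only one malformed value, `+0`, although its header comment describes a whole class of inputs that lenient integer parsers such as strtol() accept. Since Content-Length leniency is what lets a proxy and its backend disagree about message boundaries, one sample is thin coverage. The `$self->{redo}` loop used by args-http-chunked-invalid.pl in this commit could be reused here to walk a short list of values, for example also `-0`, with the `qr/, invalid$/` count raised to the list length. If `+0` is deliberately the only case, the comment should say that the other forms are covered elsewhere.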
diff --git a/regress/usr.sbin/relayd/args-http-invalid-header1.pl b/regress/usr.sbin/relayd/args-http-invalid-header1.pl
new file mode 100644
index 000000000..c12f21d65
--- /dev/null
+++ b/regress/usr.sbin/relayd/args-http-invalid-header1.pl
@@ -0,0 +1,38 @@
+# Test that relayd aborts the connection if a header name has invalid chars
+
+use strict;
+use warnings;
+
+our %args = (
+ client => {
+ func => sub {
+ my $self = shift;
+ print <<"EOF";
+GET /1 HTTP/1.1
+Host: www.foo.com
+X-Header Client: ABC
+
+EOF
+ # no http_response($self, 1);
+ },
+ http_vers => ["1.1"],
+ nocheck => 1,
+ method => "GET",
+ },
+ relayd => {
+ protocol => [ "http",
+ "match request header log Host",
+ ],
+ loggrep => {
+ qr/, malformed$/ => 1,
+ qr/\[Host: www.foo.com\] GET/ => 0,
+ },
+ },
+ server => {
+ func => \&http_server,
+ nocheck => 1,
+ noserver => 1,
+ }
+);
+
+1;
diff --git a/regress/usr.sbin/relayd/args-http-invalid-header2.pl b/regress/usr.sbin/relayd/args-http-invalid-header2.pl
new file mode 100644
index 000000000..cb9d8b3d7
--- /dev/null
+++ b/regress/usr.sbin/relayd/args-http-invalid-header2.pl
@@ -0,0 +1,38 @@
+# Test that relayd aborts the connection if a header include a NUL byte
+
+use strict;
+use warnings;
+
+our %args = (
+ client => {
+ func => sub {
+ my $self = shift;
+ print <<"EOF";
+GET /1 HTTP/1.1
+Host: www.foo.com
+X-Header-Client: ABC\0D
+
+EOF
+ # no http_response($self, 1);
+ },
+ http_vers => ["1.1"],
+ nocheck => 1,
+ method => "GET",
+ },
+ relayd => {
+ protocol => [ "http",
+ "match request header log Host",
+ ],
+ loggrep => {
+ qr/, malformed$/ => 1,
+ qr/\[Host: www.foo.com\] GET/ => 0,
+ },
+ },
+ server => {
+ func => \&http_server,
+ nocheck => 1,
+ noserver => 1,
+ }
+);
+
+1;
diff --git a/share/man/man4/ugold.4 b/share/man/man4/ugold.4
index d2f4b3078..78e328ac7 100644
--- a/share/man/man4/ugold.4
+++ b/share/man/man4/ugold.4
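Review bot: In args-http-invalid-header2.pl the NUL byte exists only because the heredoc is the interpolating form `<<"EOF"`, which turns `\0` into a real NUL before the `D`, and the file does not say so. If the heredoc were ever changed to `<<'EOF'`, the client would send a literal backslash and zero in the header value and the test would no longer exercise NUL handling. A comment above the `print`, such as `# double-quoted heredoc: "\0" below is sent as a real NUL byte`, would make that dependency explicit. The first comment line should also read "includes", and it could say that the NUL is in the header value, in contrast to the header-name case in args-http-invalid-header1.pl.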
@@ -1,4 +1,4 @@ -.\" $OpenBSD: ugold.4,v 1.7 2023/04/02 17:03:14 miod Exp $ +.\" $OpenBSD: ugold.4,v 1.8 2023/11/30 20:08:23 miod Exp $ .\" .\" Copyright (c) 2013 Takayoshi SASANO .\" Copyright (c) 2013 Martin Pieuchot @@ -16,7 +16,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: April 2 2023 $ +.Dd $Mdocdate: November 30 2023 $ .Dt UGOLD 4 .Os .Sh NAME @@ -35,10 +35,13 @@ driver: .It Em "Device" Ta Em "Sensors" .It Li "RDing TEMPer1V1.2" Ta "1 Temperature" .It Li "RDing TEMPerV1.4" Ta "1 Temperature" +.It Li "RDing TEMPer1F_V4.1" Ta "1 Temperature (external)" +.It Li "RDing TEMPer2_V4.1" Ta "2 Temperature (internal/external)" .It Li "RDing TEMPerGold_V3.1" Ta "1 Temperature" .It Li "RDing TEMPerGold_V3.4" Ta "1 Temperature" -.It Li "RDing TEMPerHUM1V1.0" Ta "1 Temperature and 1 Humidity" -.It Li "RDing TEMPerHUM1V1.2" Ta "1 Temperature and 1 Humidity" +.It Li "RDing TEMPerHum1V1.0" Ta "1 Temperature and 1 Humidity" +.It Li "RDing TEMPerHum1V1.2" Ta "1 Temperature and 1 Humidity" +.It Li "RDing TEMPerHUM_V4.0" Ta "1 Temperature and 1 Humidity" .It Li "RDing TEMPer1F_H1V1.5F" Ta "1 Temperature and 1 Humidity" .It Li "RDing TEMPerX_V3.1" Ta "1 Temperature and 1 Humidity" .It Li "RDing TEMPerX_V3.3" Ta "1 Temperature and 1 Humidity" diff --git a/sys/dev/pci/pcidevs b/sys/dev/pci/pcidevs index 481a0b68f..b499f47bf 100644 --- a/sys/dev/pci/pcidevs +++ b/sys/dev/pci/pcidevs @@ -1,4 +1,4 @@ -$OpenBSD: pcidevs,v 1.2058 2023/11/29 06:46:29 jmatthew Exp $ +$OpenBSD: pcidevs,v 1.2059 2023/12/01 05:48:39 jsg Exp $ /* $NetBSD: pcidevs,v 1.30 1997/06/24 06:20:24 thorpej Exp $ */ /* 
@@ -818,6 +818,22 @@ product AMD 19_6X_DF_5 0x14e4 19h/6xh Data Fabric product AMD 19_6X_DF_6 0x14e5 19h/6xh Data Fabric product AMD 19_6X_DF_7 0x14e6 19h/6xh Data Fabric product AMD 19_6X_DF_8 0x14e7 19h/6xh Data Fabric +product AMD 19_7X_RC 0x14e8 19h/7xh Root Complex +product AMD 19_7X_IOMMU 0x14e9 19h/7xh IOMMU +product AMD 19_7X_HB 0x14ea 19h/7xh Host +product AMD 19_7X_PCIE_1 0x14eb 19h/7xh PCIE +product AMD 19_7X_PCIE_2 0x14ed 19h/7xh PCIE +product AMD 19_7X_PCIE_3 0x14ee 19h/7xh PCIE +product AMD 19_7X_PCIE_4 0x14ef 19h/7xh PCIE +product AMD 19_7X_DF_1 0x14f0 19h/7xh Data Fabric +product AMD 19_7X_DF_2 0x14f1 19h/7xh Data Fabric +product AMD 19_7X_DF_3 0x14f2 19h/7xh Data Fabric +product AMD 19_7X_DF_4 0x14f3 19h/7xh Data Fabric +product AMD 19_7X_DF_5 0x14f4 19h/7xh Data Fabric +product AMD 19_7X_DF_6 0x14f5 19h/7xh Data Fabric +product AMD 19_7X_DF_7 0x14f6 19h/7xh Data Fabric +product AMD 19_7X_DF_8 0x14f7 19h/7xh Data Fabric +product AMD 19_7X_IPU 0x1502 19h/7xh IPU product AMD 14_HB 0x1510 14h Host product AMD 14_PCIE_1 0x1512 14h PCIE product AMD 14_PCIE_2 0x1513 14h PCIE @@ -855,6 +871,11 @@ product AMD 16_3X_MISC_2 0x1585 16h Misc Cfg product AMD 19_6X_XHCI_1 0x15b6 19h/6xh xHCI product AMD 19_6X_XHCI_2 0x15b7 19h/6xh xHCI product AMD 19_6X_XHCI_3 0x15b8 19h/6xh xHCI +product AMD 19_7X_XHCI_1 0x15b9 19h/7xh xHCI +product AMD 19_7X_XHCI_2 0x15ba 19h/7xh xHCI +product AMD 19_7X_XHCI_3 0x15c0 19h/7xh xHCI +product AMD 19_7X_XHCI_4 0x15c1 19h/7xh xHCI +product AMD 19_7X_PSP 0x15c7 19h/7xh PSP product AMD 17_1X_RC 0x15d0 17h/1xh Root Complex product AMD 17_1X_IOMMU 0x15d1 17h/1xh IOMMU product AMD 17_1X_PCIE_1 0x15d3 17h/1xh PCIE 
@@ -906,6 +927,8 @@ product AMD 17_90_DF_4 0x1664 17h/90h Data Fabric product AMD 17_90_DF_5 0x1665 17h/90h Data Fabric product AMD 17_90_DF_6 0x1666 17h/90h Data Fabric product AMD 17_90_DF_7 0x1667 17h/90h Data Fabric +product AMD 19_7X_USB4_1 0x1668 19h/7xh USB4 +product AMD 19_7X_USB4_2 0x1669 19h/7xh USB4 product AMD 19_5X_DF_0 0x166a 19h/5xh Data Fabric product AMD 19_5X_DF_1 0x166b 19h/5xh Data Fabric product AMD 19_5X_DF_2 0x166c 19h/5xh Data Fabric diff --git a/sys/dev/pci/pcidevs.h b/sys/dev/pci/pcidevs.h index a9d549945..68400eb78 100644 --- a/sys/dev/pci/pcidevs.h +++ b/sys/dev/pci/pcidevs.h @@ -2,7 +2,7 @@ * THIS FILE AUTOMATICALLY GENERATED. DO NOT EDIT. * * generated from: - * OpenBSD: pcidevs,v 1.2058 2023/11/29 06:46:29 jmatthew Exp + * OpenBSD: pcidevs,v 1.2059 2023/12/01 05:48:39 jsg Exp */ /* $NetBSD: pcidevs,v 1.30 1997/06/24 06:20:24 thorpej Exp $ */ 
@@ -823,6 +823,22 @@ #define PCI_PRODUCT_AMD_19_6X_DF_6 0x14e5 /* 19h/6xh Data Fabric */ #define PCI_PRODUCT_AMD_19_6X_DF_7 0x14e6 /* 19h/6xh Data Fabric */ #define PCI_PRODUCT_AMD_19_6X_DF_8 0x14e7 /* 19h/6xh Data Fabric */ +#define PCI_PRODUCT_AMD_19_7X_RC 0x14e8 /* 19h/7xh Root Complex */ +#define PCI_PRODUCT_AMD_19_7X_IOMMU 0x14e9 /* 19h/7xh IOMMU */ +#define PCI_PRODUCT_AMD_19_7X_HB 0x14ea /* 19h/7xh Host */ +#define PCI_PRODUCT_AMD_19_7X_PCIE_1 0x14eb /* 19h/7xh PCIE */ +#define PCI_PRODUCT_AMD_19_7X_PCIE_2 0x14ed /* 19h/7xh PCIE */ +#define PCI_PRODUCT_AMD_19_7X_PCIE_3 0x14ee /* 19h/7xh PCIE */ +#define PCI_PRODUCT_AMD_19_7X_PCIE_4 0x14ef /* 19h/7xh PCIE */ +#define PCI_PRODUCT_AMD_19_7X_DF_1 0x14f0 /* 19h/7xh Data Fabric */ +#define PCI_PRODUCT_AMD_19_7X_DF_2 0x14f1 /* 19h/7xh Data Fabric */ +#define PCI_PRODUCT_AMD_19_7X_DF_3 0x14f2 /* 19h/7xh Data Fabric */ +#define PCI_PRODUCT_AMD_19_7X_DF_4 0x14f3 /* 19h/7xh Data Fabric */ +#define PCI_PRODUCT_AMD_19_7X_DF_5 0x14f4 /* 19h/7xh Data Fabric */ +#define PCI_PRODUCT_AMD_19_7X_DF_6 0x14f5 /* 19h/7xh Data Fabric */ +#define PCI_PRODUCT_AMD_19_7X_DF_7 0x14f6 /* 19h/7xh Data Fabric */ +#define PCI_PRODUCT_AMD_19_7X_DF_8 0x14f7 /* 19h/7xh Data Fabric */ +#define PCI_PRODUCT_AMD_19_7X_IPU 0x1502 /* 19h/7xh IPU */ #define PCI_PRODUCT_AMD_14_HB 0x1510 /* 14h Host */ #define PCI_PRODUCT_AMD_14_PCIE_1 0x1512 /* 14h PCIE */ #define PCI_PRODUCT_AMD_14_PCIE_2 0x1513 /* 14h PCIE */ 
@@ -860,6 +876,11 @@ #define PCI_PRODUCT_AMD_19_6X_XHCI_1 0x15b6 /* 19h/6xh xHCI */ #define PCI_PRODUCT_AMD_19_6X_XHCI_2 0x15b7 /* 19h/6xh xHCI */ #define PCI_PRODUCT_AMD_19_6X_XHCI_3 0x15b8 /* 19h/6xh xHCI */ +#define PCI_PRODUCT_AMD_19_7X_XHCI_1 0x15b9 /* 19h/7xh xHCI */ +#define PCI_PRODUCT_AMD_19_7X_XHCI_2 0x15ba /* 19h/7xh xHCI */ +#define PCI_PRODUCT_AMD_19_7X_XHCI_3 0x15c0 /* 19h/7xh xHCI */ +#define PCI_PRODUCT_AMD_19_7X_XHCI_4 0x15c1 /* 19h/7xh xHCI */ +#define PCI_PRODUCT_AMD_19_7X_PSP 0x15c7 /* 19h/7xh PSP */ #define PCI_PRODUCT_AMD_17_1X_RC 0x15d0 /* 17h/1xh Root Complex */ #define PCI_PRODUCT_AMD_17_1X_IOMMU 0x15d1 /* 17h/1xh IOMMU */ #define PCI_PRODUCT_AMD_17_1X_PCIE_1 0x15d3 /* 17h/1xh PCIE */ @@ -911,6 +932,8 @@ #define PCI_PRODUCT_AMD_17_90_DF_5 0x1665 /* 17h/90h Data Fabric */ #define PCI_PRODUCT_AMD_17_90_DF_6 0x1666 /* 17h/90h Data Fabric */ #define PCI_PRODUCT_AMD_17_90_DF_7 0x1667 /* 17h/90h Data Fabric */ +#define PCI_PRODUCT_AMD_19_7X_USB4_1 0x1668 /* 19h/7xh USB4 */ +#define PCI_PRODUCT_AMD_19_7X_USB4_2 0x1669 /* 19h/7xh USB4 */ #define PCI_PRODUCT_AMD_19_5X_DF_0 0x166a /* 19h/5xh Data Fabric */ #define PCI_PRODUCT_AMD_19_5X_DF_1 0x166b /* 19h/5xh Data Fabric */ #define PCI_PRODUCT_AMD_19_5X_DF_2 0x166c /* 19h/5xh Data Fabric */ diff --git a/sys/dev/pci/pcidevs_data.h b/sys/dev/pci/pcidevs_data.h index 809b6cd06..b32dbbdf6 100644 --- a/sys/dev/pci/pcidevs_data.h +++ b/sys/dev/pci/pcidevs_data.h @@ -2,7 +2,7 @@ * THIS FILE AUTOMATICALLY GENERATED. DO NOT EDIT. * * generated from: - * OpenBSD: pcidevs,v 1.2058 2023/11/29 06:46:29 jmatthew Exp + * OpenBSD: pcidevs,v 1.2059 2023/12/01 05:48:39 jsg Exp */ /* $NetBSD: pcidevs,v 1.30 1997/06/24 06:20:24 thorpej Exp $ */ 
@@ -1535,6 +1535,70 @@ static const struct pci_known_product pci_known_products[] = { PCI_VENDOR_AMD, PCI_PRODUCT_AMD_19_6X_DF_8, "19h/6xh Data Fabric", }, + { + PCI_VENDOR_AMD, PCI_PRODUCT_AMD_19_7X_RC, + "19h/7xh Root Complex", + }, + { + PCI_VENDOR_AMD, PCI_PRODUCT_AMD_19_7X_IOMMU, + "19h/7xh IOMMU", + }, + { + PCI_VENDOR_AMD, PCI_PRODUCT_AMD_19_7X_HB, + "19h/7xh Host", + }, + { + PCI_VENDOR_AMD, PCI_PRODUCT_AMD_19_7X_PCIE_1, + "19h/7xh PCIE", + }, + { + PCI_VENDOR_AMD, PCI_PRODUCT_AMD_19_7X_PCIE_2, + "19h/7xh PCIE", + }, + { + PCI_VENDOR_AMD, PCI_PRODUCT_AMD_19_7X_PCIE_3, + "19h/7xh PCIE", + }, + { + PCI_VENDOR_AMD, PCI_PRODUCT_AMD_19_7X_PCIE_4, + "19h/7xh PCIE", + }, + { + PCI_VENDOR_AMD, PCI_PRODUCT_AMD_19_7X_DF_1, + "19h/7xh Data Fabric", + }, + { + PCI_VENDOR_AMD, PCI_PRODUCT_AMD_19_7X_DF_2, + "19h/7xh Data Fabric", + }, + { + PCI_VENDOR_AMD, PCI_PRODUCT_AMD_19_7X_DF_3, + "19h/7xh Data Fabric", + }, + { + PCI_VENDOR_AMD, PCI_PRODUCT_AMD_19_7X_DF_4, + "19h/7xh Data Fabric", + }, + { + PCI_VENDOR_AMD, PCI_PRODUCT_AMD_19_7X_DF_5, + "19h/7xh Data Fabric", + }, + { + PCI_VENDOR_AMD, PCI_PRODUCT_AMD_19_7X_DF_6, + "19h/7xh Data Fabric", + }, + { + PCI_VENDOR_AMD, PCI_PRODUCT_AMD_19_7X_DF_7, + "19h/7xh Data Fabric", + }, + { + PCI_VENDOR_AMD, PCI_PRODUCT_AMD_19_7X_DF_8, + "19h/7xh Data Fabric", + }, + { + PCI_VENDOR_AMD, PCI_PRODUCT_AMD_19_7X_IPU, + "19h/7xh IPU", + }, { PCI_VENDOR_AMD, PCI_PRODUCT_AMD_14_HB, "14h Host", 
@@ -1683,6 +1747,26 @@ static const struct pci_known_product pci_known_products[] = { PCI_VENDOR_AMD, PCI_PRODUCT_AMD_19_6X_XHCI_3, "19h/6xh xHCI", }, + { + PCI_VENDOR_AMD, PCI_PRODUCT_AMD_19_7X_XHCI_1, + "19h/7xh xHCI", + }, + { + PCI_VENDOR_AMD, PCI_PRODUCT_AMD_19_7X_XHCI_2, + "19h/7xh xHCI", + }, + { + PCI_VENDOR_AMD, PCI_PRODUCT_AMD_19_7X_XHCI_3, + "19h/7xh xHCI", + }, + { + PCI_VENDOR_AMD, PCI_PRODUCT_AMD_19_7X_XHCI_4, + "19h/7xh xHCI", + }, + { + PCI_VENDOR_AMD, PCI_PRODUCT_AMD_19_7X_PSP, + "19h/7xh PSP", + }, { PCI_VENDOR_AMD, PCI_PRODUCT_AMD_17_1X_RC, "17h/1xh Root Complex", @@ -1887,6 +1971,14 @@ static const struct pci_known_product pci_known_products[] = { PCI_VENDOR_AMD, PCI_PRODUCT_AMD_17_90_DF_7, "17h/90h Data Fabric", }, + { + PCI_VENDOR_AMD, PCI_PRODUCT_AMD_19_7X_USB4_1, + "19h/7xh USB4", + }, + { + PCI_VENDOR_AMD, PCI_PRODUCT_AMD_19_7X_USB4_2, + "19h/7xh USB4", + }, { PCI_VENDOR_AMD, PCI_PRODUCT_AMD_19_5X_DF_0, "19h/5xh Data Fabric", diff --git a/sys/dev/usb/ugold.c b/sys/dev/usb/ugold.c index bfc155b86..a5bd162e4 100644 --- a/sys/dev/usb/ugold.c +++ b/sys/dev/usb/ugold.c @@ -1,9 +1,10 @@ -/* $OpenBSD: ugold.c,v 1.23 2023/04/19 04:51:53 miod Exp $ */ +/* $OpenBSD: ugold.c,v 1.24 2023/11/30 20:08:23 miod Exp $ */ /* * Copyright (c) 2013 Takayoshi SASANO * Copyright (c) 2013 Martin Pieuchot * Copyright (c) 2015 Joerg Jung + * Copyright (c) 2023 Miodrag Vallat. * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -44,11 +45,13 @@ #define UGOLD_CMD_DATA 0x80 #define UGOLD_CMD_INIT 0x82 +#define UGOLD_TYPE_INVALID -1 #define UGOLD_TYPE_SI7005 1 #define UGOLD_TYPE_SI7006 2 #define UGOLD_TYPE_SHT1X 3 #define UGOLD_TYPE_GOLD 4 #define UGOLD_TYPE_TEMPERX 5 +#define UGOLD_TYPE_DS75 6 /* * This driver uses three known commands for the TEMPer and TEMPerHUM 
@@ -69,6 +72,13 @@ static uint8_t cmd_data[8] = { 0x01, 0x80, 0x33, 0x01, 0x00, 0x00, 0x00, 0x00 }; static uint8_t cmd_init[8] = { 0x01, 0x82, 0x77, 0x01, 0x00, 0x00, 0x00, 0x00 }; static uint8_t cmd_type[8] = { 0x01, 0x86, 0xff, 0x01, 0x00, 0x00, 0x00, 0x00 }; +/* + * The following command is also recognized and reports some kind of status + * byte (i.e. 87 xx 00 00 00 00 00 00). + { 0x01, 0x87, 0xee, 0x01, 0x00, 0x00, 0x00, 0x00 }; + */ + +struct ugold_softc; struct ugold_softc { struct uhidev sc_hdev; @@ -77,15 +87,21 @@ struct ugold_softc { int sc_num_sensors; int sc_type; + char sc_model[16 + 1]; + unsigned int sc_model_len; + struct ksensor sc_sensor[UGOLD_MAX_SENSORS]; struct ksensordev sc_sensordev; struct sensor_task *sc_sensortask; + + void (*sc_intr)(struct ugold_softc *, uint8_t *, u_int); }; const struct usb_devno ugold_devs[] = { { USB_VENDOR_MICRODIA, USB_PRODUCT_MICRODIA_TEMPER }, { USB_VENDOR_MICRODIA, USB_PRODUCT_MICRODIA_TEMPERHUM }, { USB_VENDOR_PCSENSORS, USB_PRODUCT_PCSENSORS_TEMPER }, + { USB_VENDOR_RDING, USB_PRODUCT_RDING_TEMPER }, { USB_VENDOR_WCH2, USB_PRODUCT_WCH2_TEMPER }, }; @@ -93,8 +109,10 @@ int ugold_match(struct device *, void *, void *); void ugold_attach(struct device *, struct device *, void *); int ugold_detach(struct device *, int); -void ugold_ds75_intr(struct uhidev *, void *, u_int); -void ugold_si700x_intr(struct uhidev *, void *, u_int); +void ugold_setup_sensors(struct ugold_softc *); +void ugold_intr(struct uhidev *, void *, u_int); +void ugold_ds75_intr(struct ugold_softc *, uint8_t *, u_int); +void ugold_si700x_intr(struct ugold_softc *, uint8_t *, u_int); void ugold_refresh(void *); int ugold_issue_cmd(struct ugold_softc *, uint8_t *, int); 
@@ -146,14 +164,16 @@ ugold_attach(struct device *parent, struct device *self, void *aux) sc->sc_udev = uha->parent->sc_udev; sc->sc_hdev.sc_parent = uha->parent; sc->sc_hdev.sc_report_id = uha->reportid; + sc->sc_hdev.sc_intr = ugold_intr; switch (uha->uaa->product) { case USB_PRODUCT_MICRODIA_TEMPER: - sc->sc_hdev.sc_intr = ugold_ds75_intr; + sc->sc_intr = ugold_ds75_intr; break; case USB_PRODUCT_MICRODIA_TEMPERHUM: case USB_PRODUCT_PCSENSORS_TEMPER: + case USB_PRODUCT_RDING_TEMPER: case USB_PRODUCT_WCH2_TEMPER: - sc->sc_hdev.sc_intr = ugold_si700x_intr; + sc->sc_intr = ugold_si700x_intr; break; default: printf(", unknown product\n"); @@ -174,33 +194,7 @@ ugold_attach(struct device *parent, struct device *self, void *aux) strlcpy(sc->sc_sensordev.xname, sc->sc_hdev.sc_dev.dv_xname, sizeof(sc->sc_sensordev.xname)); - switch (uha->uaa->product) { - case USB_PRODUCT_MICRODIA_TEMPER: - /* 2 temperature sensors */ - sc->sc_sensor[UGOLD_INNER].type = SENSOR_TEMP; - strlcpy(sc->sc_sensor[UGOLD_INNER].desc, "inner", - sizeof(sc->sc_sensor[UGOLD_INNER].desc)); - sc->sc_sensor[UGOLD_OUTER].type = SENSOR_TEMP; - strlcpy(sc->sc_sensor[UGOLD_OUTER].desc, "outer", - sizeof(sc->sc_sensor[UGOLD_OUTER].desc)); - break; - case USB_PRODUCT_MICRODIA_TEMPERHUM: - case USB_PRODUCT_PCSENSORS_TEMPER: - case USB_PRODUCT_WCH2_TEMPER: - /* 1 temperature and 1 humidity sensor */ - sc->sc_sensor[UGOLD_INNER].type = SENSOR_TEMP; - strlcpy(sc->sc_sensor[UGOLD_INNER].desc, "inner", - sizeof(sc->sc_sensor[UGOLD_INNER].desc)); - sc->sc_sensor[UGOLD_HUM].type = SENSOR_HUMIDITY; - strlcpy(sc->sc_sensor[UGOLD_HUM].desc, "RH", - sizeof(sc->sc_sensor[UGOLD_HUM].desc)); - break; - default: - printf(", unknown product\n"); - return; - } - - /* 0.1Hz */ + /* 0.166Hz */ sc->sc_sensortask = sensor_task_register(sc, ugold_refresh, 6); if (sc->sc_sensortask == NULL) { printf(", unable to register update task\n"); 
@@ -208,6 +202,9 @@ ugold_attach(struct device *parent, struct device *self, void *aux) } printf("\n"); + /* speed up sensor identification */ + ugold_refresh(sc); + sensordev_install(&sc->sc_sensordev); } @@ -222,8 +219,10 @@ ugold_detach(struct device *self, int flags) sensordev_deinstall(&sc->sc_sensordev); } - for (i = 0; i < sc->sc_num_sensors; i++) - sensor_detach(&sc->sc_sensordev, &sc->sc_sensor[i]); + if (sc->sc_type != UGOLD_TYPE_INVALID) { + for (i = 0; i < sc->sc_num_sensors; i++) + sensor_detach(&sc->sc_sensordev, &sc->sc_sensor[i]); + } if (sc->sc_hdev.sc_state & UHIDEV_OPEN) uhidev_close(&sc->sc_hdev); 
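Review bot: The new guard in ugold_detach skips sensor_detach() only for UGOLD_TYPE_INVALID, but after this change sensors are attached in ugold_setup_sensors(), which runs only once a model string has been recognised. Between the UGOLD_CMD_INIT reply, which sets sc_num_sensors, and identification, sc_type is still 0, so unplugging the device in that window, or a device that never answers the type command, would detach sensors that were never attached. Consider `if (sc->sc_type != 0 && sc->sc_type != UGOLD_TYPE_INVALID) {`, or a flag set by ugold_setup_sensors(). What sensor_detach() does with an unattached sensor is not visible here, and ugold_detach begins and ends outside the hunk.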
@@ -231,6 +230,72 @@ ugold_detach(struct device *self, int flags) return (0); } +void +ugold_setup_sensors(struct ugold_softc *sc) +{ + int i; + + switch (sc->sc_type) { + default: + return; + case UGOLD_TYPE_SI7005: + case UGOLD_TYPE_SI7006: + case UGOLD_TYPE_SHT1X: + case UGOLD_TYPE_TEMPERX: + /* 1 temperature and 1 humidity sensor */ + sc->sc_sensor[UGOLD_INNER].type = SENSOR_TEMP; + strlcpy(sc->sc_sensor[UGOLD_INNER].desc, "inner", + sizeof(sc->sc_sensor[UGOLD_INNER].desc)); + sc->sc_sensor[UGOLD_HUM].type = SENSOR_HUMIDITY; + strlcpy(sc->sc_sensor[UGOLD_HUM].desc, "RH", + sizeof(sc->sc_sensor[UGOLD_HUM].desc)); + break; + case UGOLD_TYPE_GOLD: + case UGOLD_TYPE_DS75: + /* up to 2 temperature sensors */ + sc->sc_sensor[UGOLD_INNER].type = SENSOR_TEMP; + strlcpy(sc->sc_sensor[UGOLD_INNER].desc, "inner", + sizeof(sc->sc_sensor[UGOLD_INNER].desc)); + sc->sc_sensor[UGOLD_OUTER].type = SENSOR_TEMP; + strlcpy(sc->sc_sensor[UGOLD_OUTER].desc, "outer", + sizeof(sc->sc_sensor[UGOLD_OUTER].desc)); + break; + } + for (i = 0; i < sc->sc_num_sensors; i++) { + sc->sc_sensor[i].flags |= SENSOR_FINVALID; + sensor_attach(&sc->sc_sensordev, &sc->sc_sensor[i]); + } +} + +static void +strnvis(char *dst, const char *src, size_t siz) +{ + char *start, *end; + int c; + + for (start = dst, end = start + siz - 1; (c = *src) && dst < end; ) { + if (c >= 0x20 && c <= 0x7f) { + if (c == '\\') { + /* need space for the extra '\\' */ + if (dst + 2 > end) + break; + *dst++ = '\\'; + } + *dst++ = c; + } else { + if (dst + 4 > end) + break; + *dst++ = '\\'; + *dst++ = ((u_char)c >> 6 & 07) + '0'; + *dst++ = ((u_char)c >> 3 & 07) + '0'; + *dst++ = ((u_char)c & 07) + '0'; + } + src++; + } + if (siz > 0) + *dst = '\0'; +} + static int ugold_ds75_temp(uint8_t msb, uint8_t lsb) { 
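Review bot: In strnvis the printable test `c >= 0x20 && c <= 0x7f` lets DEL (0x7f) through unescaped, so a device-supplied model string can still put a control character into the kernel message output. `if (c >= 0x20 && c < 0x7f) {` would octal-escape it like the other non-printable bytes. The helper also deserves a short comment saying that it exists because sc_model is copied verbatim from USB reports before being printed, and that `siz` must be non-zero, since with `siz == 0` the `end` pointer is computed before `dst`.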
@@ -239,39 +304,42 @@ ugold_ds75_temp(uint8_t msb, uint8_t lsb) } static void -ugold_ds75_type(struct ugold_softc *sc, uint8_t *buf, u_int len) +ugold_ds75_type(struct ugold_softc *sc) { - if (memcmp(buf, "TEMPer1F", len) == 0 || - memcmp(buf, "TEMPer2F", len) == 0 || - memcmp(buf, "TEMPerF1", len) == 0) - return; /* skip first half of the answer */ + char model[4 * sizeof(sc->sc_model) + 1]; - printf("%s: %d sensor%s type ds75/12bit (temperature)\n", - sc->sc_hdev.sc_dev.dv_xname, sc->sc_num_sensors, - (sc->sc_num_sensors == 1) ? "" : "s"); + strnvis(model, sc->sc_model, sizeof model); - sc->sc_type = -1; /* ignore type */ + if (memcmp(sc->sc_model, "TEMPer1F", 8) == 0 || + memcmp(sc->sc_model, "TEMPer2F", 8) == 0 || + memcmp(sc->sc_model, "TEMPerF1", 8) == 0) { + sc->sc_type = UGOLD_TYPE_DS75; + ugold_setup_sensors(sc); + printf("%s: \"%s\", %d sensor%s" + " type ds75/12bit (temperature)\n", + sc->sc_hdev.sc_dev.dv_xname, model, sc->sc_num_sensors, + (sc->sc_num_sensors == 1) ? "" : "s"); + ugold_refresh(sc); + return; + } + + printf("%s: unknown model \"%s\"\n", + sc->sc_hdev.sc_dev.dv_xname, model); + sc->sc_num_sensors = 0; + sc->sc_type = UGOLD_TYPE_INVALID; } void -ugold_ds75_intr(struct uhidev *addr, void *ibuf, u_int len) +ugold_ds75_intr(struct ugold_softc *sc, uint8_t *buf, u_int len) { - struct ugold_softc *sc = (struct ugold_softc *)addr; - uint8_t *buf = ibuf; - int i, temp; + int temp; switch (buf[0]) { case UGOLD_CMD_INIT: - if (sc->sc_num_sensors) + if (sc->sc_num_sensors != 0) break; - - sc->sc_num_sensors = min(buf[1], UGOLD_MAX_SENSORS) /* XXX */; - - for (i = 0; i < sc->sc_num_sensors; i++) { - sc->sc_sensor[i].flags |= SENSOR_FINVALID; - sensor_attach(&sc->sc_sensordev, &sc->sc_sensor[i]); - } - + sc->sc_num_sensors = imin(buf[1], UGOLD_MAX_SENSORS) /* XXX */; + ugold_refresh(sc); break; case UGOLD_CMD_DATA: switch (buf[1]) { 
@@ -286,17 +354,16 @@ ugold_ds75_intr(struct uhidev *addr, void *ibuf, u_int len) sc->sc_sensor[UGOLD_INNER].flags &= ~SENSOR_FINVALID; break; default: +#ifdef UGOLD_DEBUG printf("%s: invalid data length (%d bytes)\n", sc->sc_hdev.sc_dev.dv_xname, buf[1]); +#endif + break; } break; default: - if (!sc->sc_type) { /* type command returns arbitrary string */ - ugold_ds75_type(sc, buf, len); - break; - } - printf("%s: unknown command 0x%02x\n", - sc->sc_hdev.sc_dev.dv_xname, buf[0]); + ugold_ds75_type(sc); + break; } } 
@@ -362,74 +429,146 @@ ugold_si700x_rhum(int type, uint8_t msb, uint8_t lsb, int temp) } static void -ugold_si700x_type(struct ugold_softc *sc, uint8_t *buf, u_int len) +ugold_si700x_type(struct ugold_softc *sc) { - if (memcmp(buf, "TEMPerHu", len) == 0 || - memcmp(buf, "TEMPer1F", len) == 0 || - memcmp(buf, "TEMPerX_", len) == 0 || - memcmp(buf, "TEMPerGo", len) == 0) - return; /* skip equal first half of the answer */ + char model[4 * sizeof(sc->sc_model) + 1]; + const char *descr; + int nsensors = 0; - printf("%s: %d sensor%s type ", sc->sc_hdev.sc_dev.dv_xname, - sc->sc_num_sensors, (sc->sc_num_sensors == 1) ? "" : "s"); + strnvis(model, sc->sc_model, sizeof model); - if (memcmp(buf, "mM12V1.0", len) == 0) { - sc->sc_type = UGOLD_TYPE_SI7005; - printf("si7005 (temperature and humidity)\n"); - } else if (memcmp(buf, "mM12V1.2", len) == 0) { - sc->sc_type = UGOLD_TYPE_SI7006; - printf("si7006 (temperature and humidity)\n"); - } else if (memcmp(buf, "_H1V1.5F", len) == 0) { - sc->sc_type = UGOLD_TYPE_SHT1X; - printf("sht1x (temperature and humidity)\n"); - } else if (memcmp(buf, "V3.1 ", len) == 0) { - sc->sc_type = UGOLD_TYPE_TEMPERX; - printf("temperx (temperature and humidity)\n"); - } else if (memcmp(buf, "V3.3 ", len) == 0) { - sc->sc_type = UGOLD_TYPE_TEMPERX; - printf("temperx (temperature and humidity)\n"); - } else if (memcmp(buf, "ld_V3.1 ", len) == 0) { - sc->sc_type = UGOLD_TYPE_GOLD; - printf("gold (temperature only)\n"); - } else if (memcmp(buf, "ld_V3.4 ", len) == 0) { - sc->sc_type = UGOLD_TYPE_GOLD; - printf("gold (temperature only)\n"); - } else { - sc->sc_type = -1; - printf("unknown\n"); + /* TEMPerHUM prefix */ + if (sc->sc_model_len >= 9 && + memcmp(sc->sc_model, "TEMPerHum", 9) == 0) { + if (memcmp(sc->sc_model + 9, "M12V1.0", 16 - 9) == 0) { + sc->sc_type = UGOLD_TYPE_SI7005; + descr = "si7005 (temperature and humidity)"; + goto identified; + } + if (memcmp(sc->sc_model + 9, "M12V1.2", 16 - 9) == 0) { + sc->sc_type = UGOLD_TYPE_SI7006; + 
descr = "si7006 (temperature and humidity)"; + goto identified; + } } + if (sc->sc_model_len >= 9 && + memcmp(sc->sc_model, "TEMPerHUM", 9) == 0) { + if (memcmp(sc->sc_model + 9, "_V4.0 ", 16 - 9) == 0) { + sc->sc_type = UGOLD_TYPE_TEMPERX; + descr = "temperx (temperature and humidity)"; + goto identified; + } + } + + /* TEMPerX prefix */ + if (sc->sc_model_len >= 8 && + memcmp(sc->sc_model, "TEMPerX_", 8) == 0) { + if (memcmp(sc->sc_model + 8, "V3.1 ", 16 - 8) == 0 || + memcmp(sc->sc_model + 8, "V3.3 ", 16 - 8) == 0) { + sc->sc_type = UGOLD_TYPE_TEMPERX; + descr = "temperx (temperature and humidity)"; + goto identified; + } + } + + /* TEMPer1F or TEMPer2_ prefixes */ + if (sc->sc_model_len >= 16 && + memcmp(sc->sc_model, "TEMPer1F_H1V1.5F", 16) == 0) { + sc->sc_type = UGOLD_TYPE_SHT1X; + descr = "sht1x (temperature and humidity)"; + goto identified; + } + if (sc->sc_model_len >= 16 && + (memcmp(sc->sc_model, "TEMPer1F_V4.1\0\0\0", 16) == 0 || + memcmp(sc->sc_model, "TEMPer2_V4.1\0\0\0\0", 16) == 0)) { + sc->sc_type = UGOLD_TYPE_GOLD; + /* + * TEMPer1F devices lack the internal sensor, but will never + * report data for it, so it will never gets marked as valid. + * We thus keep the value of sc_num_sensors unchanged at 2, + * and make sure we will only report one single sensor below. 
+ */ + if (sc->sc_model[6] == '1') + nsensors = 1; + descr = "gold (temperature only)"; + goto identified; + } + + /* TEMPerGold prefix */ + if (sc->sc_model_len >= 11 && + memcmp(sc->sc_model, "TEMPerGold_", 11) == 0) { + if (memcmp(sc->sc_model + 11, "V3.1 ", 16 - 11) == 0 || + memcmp(sc->sc_model + 11, "V3.4 ", 16 - 11) == 0) { + sc->sc_type = UGOLD_TYPE_GOLD; + sc->sc_num_sensors = 1; + descr = "gold (temperature only)"; + goto identified; + } + } + + printf("%s: unknown model \"%s\"\n", + sc->sc_hdev.sc_dev.dv_xname, model); + sc->sc_num_sensors = 0; + sc->sc_type = UGOLD_TYPE_INVALID; + return; + + identified: + ugold_setup_sensors(sc); + if (nsensors == 0) + nsensors = sc->sc_num_sensors; + printf("%s: \"%s\", %d sensor%s type %s\n", sc->sc_hdev.sc_dev.dv_xname, + model, nsensors, (nsensors == 1) ? "" : "s", descr); + ugold_refresh(sc); } void -ugold_si700x_intr(struct uhidev *addr, void *ibuf, u_int len) +ugold_si700x_intr(struct ugold_softc *sc, uint8_t *buf, u_int len) { - struct ugold_softc *sc = (struct ugold_softc *)addr; - uint8_t *buf = ibuf; - int i, temp, rhum; + int temp, sensor, rhum; switch (buf[0]) { case UGOLD_CMD_INIT: - if (sc->sc_num_sensors) + if (sc->sc_num_sensors != 0) break; - - if (sc->sc_type == UGOLD_TYPE_GOLD) - sc->sc_num_sensors = 1; - else - sc->sc_num_sensors = min(buf[1], - UGOLD_MAX_SENSORS) /* XXX */; - - for (i = 0; i < sc->sc_num_sensors; i++) { - sc->sc_sensor[i].flags |= SENSOR_FINVALID; - sensor_attach(&sc->sc_sensordev, &sc->sc_sensor[i]); - } + /* XXX some devices report 0x04 here */ + sc->sc_num_sensors = imin(buf[1], UGOLD_MAX_SENSORS); + ugold_refresh(sc); break; case UGOLD_CMD_DATA: - if (buf[1] != 4 && buf[1] != 64 && buf[1] != 128) - printf("%s: invalid data length (%d bytes)\n", + if (sc->sc_type == UGOLD_TYPE_GOLD) { + if (buf[1] == 0x80) + sensor = UGOLD_INNER; + else if (buf[1] == 0x01) + sensor = UGOLD_OUTER; + else + sensor = -1; + } else { + if (buf[1] == 0x04 || buf[1] == 0x20 || + buf[1] == 0x40 || 
buf[1] == 0x80) + sensor = UGOLD_INNER; + else + sensor = -1; + } + if (sensor < 0) { + /* unexpected data, ignore */ +#ifdef UGOLD_DEBUG + printf("%s: unexpected sensor id %02x\n", sc->sc_hdev.sc_dev.dv_xname, buf[1]); +#endif + break; + } + temp = ugold_si700x_temp(sc->sc_type, buf[2], buf[3]); - sc->sc_sensor[UGOLD_INNER].value = (temp * 1000) + 273150000; - sc->sc_sensor[UGOLD_INNER].flags &= ~SENSOR_FINVALID; + sc->sc_sensor[sensor].value = (temp * 1000) + 273150000; + /* + * TEMPer1F and TEMPer2 report 200C when the sensor probe is + * missing or not plugged correctly. + */ + if (sc->sc_type == UGOLD_TYPE_GOLD && temp == 200000) + sc->sc_sensor[sensor].flags |= SENSOR_FINVALID; + else + sc->sc_sensor[sensor].flags &= ~SENSOR_FINVALID; + if (sc->sc_type != UGOLD_TYPE_GOLD) { rhum = ugold_si700x_rhum(sc->sc_type, buf[4], buf[5], temp); sc->sc_sensor[UGOLD_HUM].value = rhum; 
@@ -437,12 +576,58 @@ ugold_si700x_intr(struct uhidev *addr, void *ibuf, u_int len) } break; default: - if (!sc->sc_type) { /* type command returns arbitrary string */ - ugold_si700x_type(sc, buf, len); + ugold_si700x_type(sc); + break; + } +} + +void +ugold_intr(struct uhidev *addr, void *ibuf, u_int len) +{ + struct ugold_softc *sc = (struct ugold_softc *)addr; + uint8_t *buf = ibuf; + unsigned long chunk; + +#ifdef UGOLD_DEBUG + { + printf("%s: %u bytes\n", sc->sc_hdev.sc_dev.dv_xname, len); + u_int i; + for (i = 0; i < len; i++) { + if (i != 0 && (i % 8) == 0) + printf("\n"); + printf("%02x ", buf[i]); + } + printf("\n"); + } +#endif + + switch (buf[0]) { + case UGOLD_CMD_INIT: + case UGOLD_CMD_DATA: + (*sc->sc_intr)(sc, buf, len); + break; + default: + if (!sc->sc_type) { + /* + * Exact sensor type is not known yet, type command + * returns arbitrary string. + */ + chunk = ulmin(len, + sizeof(sc->sc_model) - 1 - sc->sc_model_len); + if (chunk != 0) { + memcpy(sc->sc_model + sc->sc_model_len, buf, + chunk); + sc->sc_model_len += chunk; + } + if (sc->sc_model_len > 8) { + /* should have enough data now */ + (*sc->sc_intr)(sc, buf, len); + } break; } printf("%s: unknown command 0x%02x\n", sc->sc_hdev.sc_dev.dv_xname, buf[0]); + break; } } @@ -452,6 +637,13 @@ ugold_refresh(void *arg) struct ugold_softc *sc = arg; int i; + /* + * Don't waste time talking to the device if we don't understand + * its language. + */ + if (sc->sc_type == UGOLD_TYPE_INVALID) + return; + if (!sc->sc_num_sensors) { ugold_issue_cmd(sc, cmd_init, sizeof(cmd_init)); return; diff --git a/sys/net/pf.c b/sys/net/pf.c index 1ebe7149d..11cefc790 100644 --- a/sys/net/pf.c +++ b/sys/net/pf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf.c,v 1.1188 2023/10/10 16:26:06 bluhm Exp $ */ +/* $OpenBSD: pf.c,v 1.1189 2023/12/01 10:28:32 sashan Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier 
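Review bot: ugold_intr switches on `buf[0]` and hands the buffer to the per-chip handlers without looking at `len`, although the report comes from the attached USB device and the handlers index up to `buf[5]` (ugold_si700x_intr in the earlier hunk). A length check before the switch, for example `if (len < 2) return;`, plus a check in the UGOLD_CMD_DATA paths that `len` covers the bytes they read, would stop a short report from being decoded with stale buffer contents. The model-string path is already bounded by `ulmin(len, sizeof(sc->sc_model) - 1 - sc->sc_model_len)`. Whether uhidev guarantees a minimum report length is not visible in this diff.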
@@ -469,6 +469,15 @@ pf_state_list_remove(struct pf_state_list *pfs, struct pf_state *st) pf_state_unref(st); /* list no longer references the state */ } +void +pf_update_state_timeout(struct pf_state *st, int to) +{ + mtx_enter(&st->mtx); + if (st->timeout != PFTM_UNLINKED) + st->timeout = to; + mtx_leave(&st->mtx); +} + int pf_src_connlimit(struct pf_state **stp) { @@ -549,7 +558,7 @@ pf_src_connlimit(struct pf_state **stp) ((*stp)->rule.ptr->flush & PF_FLUSH_GLOBAL || (*stp)->rule.ptr == st->rule.ptr)) { - st->timeout = PFTM_PURGE; + pf_update_state_timeout(st, PFTM_PURGE); pf_set_protostate(st, PF_PEER_BOTH, TCPS_CLOSED); killed++; @@ -563,7 +572,7 @@ pf_src_connlimit(struct pf_state **stp) } /* kill this state */ - (*stp)->timeout = PFTM_PURGE; + pf_update_state_timeout(*stp, PFTM_PURGE); pf_set_protostate(*stp, PF_PEER_BOTH, TCPS_CLOSED); return (1); } @@ -1758,10 +1767,13 @@ pf_remove_state(struct pf_state *st) { PF_ASSERT_LOCKED(); - if (st->timeout == PFTM_UNLINKED) + mtx_enter(&st->mtx); + if (st->timeout == PFTM_UNLINKED) { + mtx_leave(&st->mtx); return; - + } st->timeout = PFTM_UNLINKED; + mtx_leave(&st->mtx); /* handle load balancing related tasks */ pf_postprocess_addr(st); @@ -1816,7 +1828,8 @@ pf_remove_divert_state(struct pf_state_key *sk) sist->dst.state < TCPS_FIN_WAIT_2) { pf_set_protostate(sist, PF_PEER_BOTH, TCPS_TIME_WAIT); - sist->timeout = PFTM_TCP_CLOSED; + pf_update_state_timeout(sist, + PFTM_TCP_CLOSED); sist->expire = getuptime(); } sist->state_flags |= PFSTATE_INP_UNLINKED; 
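Review bot: pf_update_state_timeout has no comment stating the invariant it enforces, which is the reason the helper exists: once pf_remove_state has set PFTM_UNLINKED under `st->mtx`, a later packet-path update must not overwrite it. A comment such as `/* Set st->timeout unless the state is already unlinked; PFTM_UNLINKED is final. */` above the function would keep future callers from writing the field directly. The conversions in the later hunks (pf_src_connlimit, pf_remove_divert_state, pf_tcp_track_full, pf_tcp_track_sloppy, pf_test_state, pf_test_state_icmp) cover the writes visible in this diff. Reads of `st->timeout` elsewhere in pf.c are not visible here and are worth checking against the same mutex.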
@@ -5036,18 +5049,18 @@ pf_tcp_track_full(struct pf_pdesc *pd, struct pf_state **stp, u_short *reason, (*stp)->expire = getuptime(); if (src->state >= TCPS_FIN_WAIT_2 && dst->state >= TCPS_FIN_WAIT_2) - (*stp)->timeout = PFTM_TCP_CLOSED; + pf_update_state_timeout(*stp, PFTM_TCP_CLOSED); else if (src->state >= TCPS_CLOSING && dst->state >= TCPS_CLOSING) - (*stp)->timeout = PFTM_TCP_FIN_WAIT; + pf_update_state_timeout(*stp, PFTM_TCP_FIN_WAIT); else if (src->state < TCPS_ESTABLISHED || dst->state < TCPS_ESTABLISHED) - (*stp)->timeout = PFTM_TCP_OPENING; + pf_update_state_timeout(*stp, PFTM_TCP_OPENING); else if (src->state >= TCPS_CLOSING || dst->state >= TCPS_CLOSING) - (*stp)->timeout = PFTM_TCP_CLOSING; + pf_update_state_timeout(*stp, PFTM_TCP_CLOSING); else - (*stp)->timeout = PFTM_TCP_ESTABLISHED; + pf_update_state_timeout(*stp, PFTM_TCP_ESTABLISHED); /* Fall through to PASS packet */ } else if ((dst->state < TCPS_SYN_SENT || @@ -5229,18 +5242,18 @@ pf_tcp_track_sloppy(struct pf_pdesc *pd, struct pf_state **stp, (*stp)->expire = getuptime(); if (src->state >= TCPS_FIN_WAIT_2 && dst->state >= TCPS_FIN_WAIT_2) - (*stp)->timeout = PFTM_TCP_CLOSED; + pf_update_state_timeout(*stp, PFTM_TCP_CLOSED); else if (src->state >= TCPS_CLOSING && dst->state >= TCPS_CLOSING) - (*stp)->timeout = PFTM_TCP_FIN_WAIT; + pf_update_state_timeout(*stp, PFTM_TCP_FIN_WAIT); else if (src->state < TCPS_ESTABLISHED || dst->state < TCPS_ESTABLISHED) - (*stp)->timeout = PFTM_TCP_OPENING; + pf_update_state_timeout(*stp, PFTM_TCP_OPENING); else if (src->state >= TCPS_CLOSING || dst->state >= TCPS_CLOSING) - (*stp)->timeout = PFTM_TCP_CLOSING; + pf_update_state_timeout(*stp, PFTM_TCP_CLOSING); else - (*stp)->timeout = PFTM_TCP_ESTABLISHED; + pf_update_state_timeout(*stp, PFTM_TCP_ESTABLISHED); return (PF_PASS); } 
@@ -5377,7 +5390,7 @@ pf_test_state(struct pf_pdesc *pd, struct pf_state **stp, u_short *reason) addlog("\n"); } /* XXX make sure it's the same direction ?? */ - (*stp)->timeout = PFTM_PURGE; + pf_update_state_timeout(*stp, PFTM_PURGE); pf_state_unref(*stp); *stp = NULL; pf_mbuf_link_inpcb(pd->m, inp); @@ -5417,9 +5430,9 @@ pf_test_state(struct pf_pdesc *pd, struct pf_state **stp, u_short *reason) (*stp)->expire = getuptime(); if (src->state == PFUDPS_MULTIPLE && dst->state == PFUDPS_MULTIPLE) - (*stp)->timeout = PFTM_UDP_MULTIPLE; + pf_update_state_timeout(*stp, PFTM_UDP_MULTIPLE); else - (*stp)->timeout = PFTM_UDP_SINGLE; + pf_update_state_timeout(*stp, PFTM_UDP_SINGLE); break; default: /* update states */ @@ -5432,9 +5445,9 @@ pf_test_state(struct pf_pdesc *pd, struct pf_state **stp, u_short *reason) (*stp)->expire = getuptime(); if (src->state == PFOTHERS_MULTIPLE && dst->state == PFOTHERS_MULTIPLE) - (*stp)->timeout = PFTM_OTHER_MULTIPLE; + pf_update_state_timeout(*stp, PFTM_OTHER_MULTIPLE); else - (*stp)->timeout = PFTM_OTHER_SINGLE; + pf_update_state_timeout(*stp, PFTM_OTHER_SINGLE); break; } @@ -5585,7 +5598,7 @@ pf_test_state_icmp(struct pf_pdesc *pd, struct pf_state **stp, return (ret); (*stp)->expire = getuptime(); - (*stp)->timeout = PFTM_ICMP_ERROR_REPLY; + pf_update_state_timeout(*stp, PFTM_ICMP_ERROR_REPLY); /* translate source/destination address, if necessary */ if ((*stp)->key[PF_SK_WIRE] != (*stp)->key[PF_SK_STACK]) { diff --git a/sys/netinet/in_pcb.c b/sys/netinet/in_pcb.c index 41cfebc6b..502354e02 100644 --- a/sys/netinet/in_pcb.c +++ b/sys/netinet/in_pcb.c @@ -1,4 +1,4 @@ -/* $OpenBSD: in_pcb.c,v 1.279 2023/11/29 18:30:48 bluhm Exp $ */ +/* $OpenBSD: in_pcb.c,v 1.280 2023/12/01 15:30:46 bluhm Exp $ */ /* $NetBSD: in_pcb.c,v 1.25 1996/02/13 23:41:53 christos Exp $ */ /* 
@@ -268,6 +268,7 @@ in_pcballoc(struct socket *so, struct inpcbtable *table, int wait) int in_pcbbind(struct inpcb *inp, struct mbuf *nam, struct proc *p) { + struct inpcbtable *table = inp->inp_table; struct socket *so = inp->inp_socket; u_int16_t lport = 0; int wild = 0; @@ -341,7 +342,10 @@ in_pcbbind(struct inpcb *inp, struct mbuf *nam, struct proc *p) } } inp->inp_lport = lport; + mtx_enter(&table->inpt_mtx); in_pcbrehash(inp); + mtx_leave(&table->inpt_mtx); + return (0); } @@ -480,6 +484,7 @@ in_pcbpickport(u_int16_t *lport, const void *laddr, int wild, int in_pcbconnect(struct inpcb *inp, struct mbuf *nam) { + struct inpcbtable *table = inp->inp_table; struct in_addr ina; struct sockaddr_in *sin; struct inpcb *t; @@ -526,7 +531,10 @@ in_pcbconnect(struct inpcb *inp, struct mbuf *nam) } inp->inp_faddr = sin->sin_addr; inp->inp_fport = sin->sin_port; + mtx_enter(&table->inpt_mtx); in_pcbrehash(inp); + mtx_leave(&table->inpt_mtx); + #if NSTOEPLITZ > 0 inp->inp_flowid = stoeplitz_ip4port(inp->inp_faddr.s_addr, inp->inp_laddr.s_addr, inp->inp_fport, inp->inp_lport); @@ -544,20 +552,7 @@ in_pcbdisconnect(struct inpcb *inp) pf_inp_unlink(inp); } #endif - switch (sotopf(inp->inp_socket)) { -#ifdef INET6 - case PF_INET6: - inp->inp_faddr6 = in6addr_any; - break; -#endif - case PF_INET: - inp->inp_faddr.s_addr = INADDR_ANY; - break; - } - - inp->inp_fport = 0; inp->inp_flowid = 0; - in_pcbrehash(inp); if (inp->inp_socket->so_state & SS_NOFDREF) in_pcbdetach(inp); } @@ -1044,11 +1039,11 @@ in_pcbrehash(struct inpcb *inp) { struct inpcbtable *table = inp->inp_table; - mtx_enter(&table->inpt_mtx); + MUTEX_ASSERT_LOCKED(&table->inpt_mtx); + LIST_REMOVE(inp, inp_lhash); LIST_REMOVE(inp, inp_hash); in_pcbhash_insert(inp); - mtx_leave(&table->inpt_mtx); } void 
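Review bot: In in_pcbbind and in_pcbconnect the fields that decide the hash bucket (`inp_lport`, `inp_faddr`, `inp_fport`) are still assigned before `mtx_enter(&table->inpt_mtx)`, so only the relinking is serialised, not the key change. The helpers added at the end of this file (in_pcbset_laddr, in_pcbunset_faddr) write the same fields inside the mutex. Moving the assignments below `mtx_enter` would make the two consistent, e.g. `mtx_enter(&table->inpt_mtx); inp->inp_lport = lport; in_pcbrehash(inp);`. in6_pcbconnect in sys/netinet6/in6_pcb.c has the same ordering for `inp_faddr6` and `inp_fport`. Whether a lookup can run concurrently depends on locking outside these hunks, and both functions start outside them.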
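Review bot: in_pcbdisconnect no longer clears the foreign address and port or rehashes, so every caller now has to call in_pcbunset_faddr() or in_pcbunset_laddr() first. This diff updates tcp_connect and udp_disconnect; any caller not in the diff would leave the PCB hashed under its old foreign address after disconnecting. A comment on the function, for example `/* caller must first clear the addresses with in_pcbunset_faddr() or in_pcbunset_laddr() */`, would make the new contract explicit. The function starts outside the hunk.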
@@ -1266,3 +1261,87 @@ in_pcblookup_listen(struct inpcbtable *table, struct in_addr laddr, #endif return (inp); } + +int +in_pcbset_rtableid(struct inpcb *inp, u_int rtableid) +{ + struct inpcbtable *table = inp->inp_table; + + mtx_enter(&table->inpt_mtx); + if (inp->inp_lport) { + mtx_leave(&table->inpt_mtx); + return (EBUSY); + } + inp->inp_rtableid = rtableid; + in_pcbrehash(inp); + mtx_leave(&table->inpt_mtx); + + return (0); +} + +void +in_pcbset_laddr(struct inpcb *inp, const struct sockaddr *sa, u_int rtableid) +{ + struct inpcbtable *table = inp->inp_table; + + mtx_enter(&table->inpt_mtx); + inp->inp_rtableid = rtableid; +#ifdef INET6 + if (ISSET(inp->inp_flags, INP_IPV6)) { + const struct sockaddr_in6 *sin6; + + KASSERT(sa->sa_family == AF_INET6); + sin6 = satosin6_const(sa); + inp->inp_lport = sin6->sin6_port; + inp->inp_laddr6 = sin6->sin6_addr; + } else +#endif + { + const struct sockaddr_in *sin; + + KASSERT(sa->sa_family == AF_INET); + sin = satosin_const(sa); + inp->inp_lport = sin->sin_port; + inp->inp_laddr = sin->sin_addr; + } + in_pcbrehash(inp); + mtx_leave(&table->inpt_mtx); +} + +void +in_pcbunset_faddr(struct inpcb *inp) +{ + struct inpcbtable *table = inp->inp_table; + + mtx_enter(&table->inpt_mtx); +#ifdef INET6 + if (ISSET(inp->inp_flags, INP_IPV6)) + inp->inp_faddr6 = in6addr_any; + else +#endif + inp->inp_faddr.s_addr = INADDR_ANY; + inp->inp_fport = 0; + in_pcbrehash(inp); + mtx_leave(&table->inpt_mtx); +} + +void +in_pcbunset_laddr(struct inpcb *inp) +{ + struct inpcbtable *table = inp->inp_table; + + mtx_enter(&table->inpt_mtx); +#ifdef INET6 + if (ISSET(inp->inp_flags, INP_IPV6)) { + inp->inp_faddr6 = in6addr_any; + inp->inp_laddr6 = in6addr_any; + } else +#endif + { + inp->inp_faddr.s_addr = INADDR_ANY; + inp->inp_laddr.s_addr = INADDR_ANY; + } + inp->inp_fport = 0; + in_pcbrehash(inp); + mtx_leave(&table->inpt_mtx); +} diff --git a/sys/netinet/in_pcb.h b/sys/netinet/in_pcb.h index 0bb4bac28..0a3bb35a4 100644 
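Review bot: The four new helpers have no comments, and in_pcbunset_laddr does more than its name says: it clears the foreign address and `inp_fport` as well as the local address. A one-line comment on each, stating which fields it changes and that it takes `inpt_mtx` itself and so must not be called with that mutex held, would prevent misuse. In in_pcbset_laddr the address family is checked only by KASSERT. If that assertion is compiled out in some kernel configurations, the `satosin_const`/`satosin6_const` conversion relies entirely on the caller passing a sockaddr that matches INP_IPV6.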
--- a/sys/netinet/in_pcb.h +++ b/sys/netinet/in_pcb.h @@ -1,4 +1,4 @@ -/* $OpenBSD: in_pcb.h,v 1.140 2023/11/29 18:30:48 bluhm Exp $ */ +/* $OpenBSD: in_pcb.h,v 1.141 2023/12/01 15:30:46 bluhm Exp $ */ /* $NetBSD: in_pcb.h,v 1.14 1996/02/13 23:42:00 christos Exp $ */ /* @@ -335,5 +335,10 @@ void in6_pcbnotify(struct inpcbtable *, struct sockaddr_in6 *, int in6_selecthlim(struct inpcb *); int in_pcbpickport(u_int16_t *, const void *, int, const struct inpcb *, struct proc *); +int in_pcbset_rtableid(struct inpcb *, u_int); +void in_pcbset_laddr(struct inpcb *, const struct sockaddr *, u_int); +void in_pcbunset_faddr(struct inpcb *); +void in_pcbunset_laddr(struct inpcb *); + #endif /* _KERNEL */ #endif /* _NETINET_IN_PCB_H_ */ diff --git a/sys/netinet/ip_output.c b/sys/netinet/ip_output.c index fb9cc84fd..87cf83c81 100644 --- a/sys/netinet/ip_output.c +++ b/sys/netinet/ip_output.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_output.c,v 1.391 2023/11/26 22:08:10 bluhm Exp $ */ +/* $OpenBSD: ip_output.c,v 1.392 2023/12/01 15:30:47 bluhm Exp $ */ /* $NetBSD: ip_output.c,v 1.28 1996/02/13 23:43:07 christos Exp $ */ /* @@ -1082,12 +1082,7 @@ ip_ctloutput(int op, struct socket *so, int level, int optname, error = EINVAL; break; } - if (inp->inp_lport) { - error = EBUSY; - break; - } - inp->inp_rtableid = rtid; - in_pcbrehash(inp); + error = in_pcbset_rtableid(inp, rtid); break; case IP_PIPEX: if (m != NULL && m->m_len == sizeof(int)) diff --git a/sys/netinet/tcp_input.c b/sys/netinet/tcp_input.c index 349cadfed..ef2852520 100644 --- a/sys/netinet/tcp_input.c +++ b/sys/netinet/tcp_input.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tcp_input.c,v 1.396 2023/11/30 10:21:56 bluhm Exp $ */ +/* $OpenBSD: tcp_input.c,v 1.397 2023/12/01 15:30:47 bluhm Exp $ */ /* $NetBSD: tcp_input.c,v 1.23 1996/02/13 23:43:44 christos Exp $ */ /* 
@@ -3489,6 +3489,7 @@ syn_cache_get(struct sockaddr *src, struct sockaddr *dst, struct tcphdr *th, struct tcpcb *tp = NULL; struct mbuf *am; struct socket *oso; + u_int rtableid; NET_ASSERT_LOCKED(); @@ -3553,37 +3554,25 @@ syn_cache_get(struct sockaddr *src, struct sockaddr *dst, struct tcphdr *th, #endif /* INET6 */ { inp->inp_ip.ip_ttl = oldinp->inp_ip.ip_ttl; + inp->inp_options = ip_srcroute(m); + if (inp->inp_options == NULL) { + inp->inp_options = sc->sc_ipopts; + sc->sc_ipopts = NULL; + } } + /* inherit rtable from listening socket */ + rtableid = sc->sc_rtableid; #if NPF > 0 if (m->m_pkthdr.pf.flags & PF_TAG_DIVERTED) { struct pf_divert *divert; divert = pf_find_divert(m); KASSERT(divert != NULL); - inp->inp_rtableid = divert->rdomain; - } else -#endif - /* inherit rtable from listening socket */ - inp->inp_rtableid = sc->sc_rtableid; - - inp->inp_lport = th->th_dport; - switch (src->sa_family) { -#ifdef INET6 - case AF_INET6: - inp->inp_laddr6 = satosin6(dst)->sin6_addr; - break; -#endif /* INET6 */ - case AF_INET: - inp->inp_laddr = satosin(dst)->sin_addr; - inp->inp_options = ip_srcroute(m); - if (inp->inp_options == NULL) { - inp->inp_options = sc->sc_ipopts; - sc->sc_ipopts = NULL; - } - break; + rtableid = divert->rdomain; } - in_pcbrehash(inp); +#endif + in_pcbset_laddr(inp, dst, rtableid); /* * Give the new socket our cached route reference. diff --git a/sys/netinet/tcp_usrreq.c b/sys/netinet/tcp_usrreq.c index 350a6134e..8fa1e0224 100644 --- a/sys/netinet/tcp_usrreq.c +++ b/sys/netinet/tcp_usrreq.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tcp_usrreq.c,v 1.224 2023/11/28 13:23:20 bluhm Exp $ */ +/* $OpenBSD: tcp_usrreq.c,v 1.226 2023/12/01 15:30:47 bluhm Exp $ */ /* $NetBSD: tcp_usrreq.c,v 1.20 1996/02/13 23:44:16 christos Exp $ */ /* @@ -635,7 +635,6 @@ tcp_connect(struct socket *so, struct mbuf *nam) error = EINVAL; goto out; } - error = in6_pcbconnect(inp, nam); } else #endif /* INET6 */ { 
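Review bot: In syn_cache_get the local port used to be taken from `th->th_dport` and is now taken from the port stored in `dst` by in_pcbset_laddr, and the family is chosen by the INP_IPV6 flag instead of `src->sa_family`. That is equivalent only if the caller always fills `dst` from the same TCP header and the PCB family matches. A comment at the call, e.g. `/* dst carries th->th_dport and the address family of inp */`, would record the assumption. syn_cache_get starts and ends outside the hunk, so how `dst` is built is not visible here.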
@@ -650,13 +649,14 @@ tcp_connect(struct socket *so, struct mbuf *nam) error = EINVAL; goto out; } - error = in_pcbconnect(inp, nam); } + error = in_pcbconnect(inp, nam); if (error) goto out; tp->t_template = tcp_template(tp); if (tp->t_template == 0) { + in_pcbunset_faddr(inp); in_pcbdisconnect(inp); error = ENOBUFS; goto out; diff --git a/sys/netinet/udp_usrreq.c b/sys/netinet/udp_usrreq.c index 6c40f766a..7ad852405 100644 --- a/sys/netinet/udp_usrreq.c +++ b/sys/netinet/udp_usrreq.c @@ -1,4 +1,4 @@ -/* $OpenBSD: udp_usrreq.c,v 1.310 2023/11/29 18:30:48 bluhm Exp $ */ +/* $OpenBSD: udp_usrreq.c,v 1.312 2023/12/01 15:30:47 bluhm Exp $ */ /* $NetBSD: udp_usrreq.c,v 1.28 1996/03/16 23:54:03 christos Exp $ */ /* @@ -1153,15 +1153,13 @@ udp_connect(struct socket *so, struct mbuf *addr) if (inp->inp_flags & INP_IPV6) { if (!IN6_IS_ADDR_UNSPECIFIED(&inp->inp_faddr6)) return (EISCONN); - error = in6_pcbconnect(inp, addr); } else #endif /* INET6 */ { if (inp->inp_faddr.s_addr != INADDR_ANY) return (EISCONN); - error = in_pcbconnect(inp, addr); } - + error = in_pcbconnect(inp, addr); if (error) return (error); @@ -1186,14 +1184,7 @@ udp_disconnect(struct socket *so) if (inp->inp_faddr.s_addr == INADDR_ANY) return (ENOTCONN); } - -#ifdef INET6 - if (inp->inp_flags & INP_IPV6) - inp->inp_laddr6 = in6addr_any; - else -#endif /* INET6 */ - inp->inp_laddr.s_addr = INADDR_ANY; - + in_pcbunset_laddr(inp); in_pcbdisconnect(inp); so->so_state &= ~SS_ISCONNECTED; /* XXX */ diff --git a/sys/netinet6/in6_pcb.c b/sys/netinet6/in6_pcb.c index 8933b493e..83b6caa08 100644 --- a/sys/netinet6/in6_pcb.c +++ b/sys/netinet6/in6_pcb.c @@ -1,4 +1,4 @@ -/* $OpenBSD: in6_pcb.c,v 1.126 2023/11/29 18:30:48 bluhm Exp $ */ +/* $OpenBSD: in6_pcb.c,v 1.128 2023/12/01 15:30:47 bluhm Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 
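Review bot: In tcp_connect (sys/netinet/tcp_usrreq.c), the IPv6 branch no longer calls in6_pcbconnect(), so both families now reach the single `error = in_pcbconnect(inp, nam);` after the address checks. That is only correct if in_pcbconnect() itself dispatches on INP_IPV6 before interpreting `nam` as a sockaddr_in, which cannot be seen from this hunk. udp_connect in sys/netinet/udp_usrreq.c is changed the same way. A comment at the shared call, such as `/* in_pcbconnect() handles both address families */`, would make the dependency explicit. Both functions continue outside their hunks.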
@@ -245,7 +245,8 @@ in6_pcbaddrisavail(struct inpcb *inp, struct sockaddr_in6 *sin6, int wild, int in6_pcbconnect(struct inpcb *inp, struct mbuf *nam) { - struct in6_addr *in6a = NULL; + struct inpcbtable *table = inp->inp_table; + const struct in6_addr *in6a; struct sockaddr_in6 *sin6; struct inpcb *t; int error; @@ -312,6 +313,10 @@ in6_pcbconnect(struct inpcb *inp, struct mbuf *nam) } inp->inp_faddr6 = sin6->sin6_addr; inp->inp_fport = sin6->sin6_port; + mtx_enter(&table->inpt_mtx); + in_pcbrehash(inp); + mtx_leave(&table->inpt_mtx); + inp->inp_flowinfo &= ~IPV6_FLOWLABEL_MASK; if (ip6_auto_flowlabel) inp->inp_flowinfo |= @@ -320,7 +325,6 @@ in6_pcbconnect(struct inpcb *inp, struct mbuf *nam) inp->inp_flowid = stoeplitz_ip6port(&inp->inp_faddr6, &inp->inp_laddr6, inp->inp_fport, inp->inp_lport); #endif - in_pcbrehash(inp); return (0); } diff --git a/sys/netinet6/in6_src.c b/sys/netinet6/in6_src.c index a3741c089..7128b0d2f 100644 --- a/sys/netinet6/in6_src.c +++ b/sys/netinet6/in6_src.c @@ -1,4 +1,4 @@ -/* $OpenBSD: in6_src.c,v 1.87 2023/11/28 13:23:20 bluhm Exp $ */ +/* $OpenBSD: in6_src.c,v 1.88 2023/12/01 14:08:04 bluhm Exp $ */ /* $KAME: in6_src.c,v 1.36 2001/02/06 04:08:17 itojun Exp $ */ /* @@ -91,7 +91,7 @@ int in6_selectif(struct sockaddr_in6 *, struct ip6_pktopts *, * the values set at pcb level can be overridden via cmsg. */ int -in6_pcbselsrc(struct in6_addr **in6src, struct sockaddr_in6 *dstsock, +in6_pcbselsrc(const struct in6_addr **in6src, struct sockaddr_in6 *dstsock, struct inpcb *inp, struct ip6_pktopts *opts) { struct ip6_moptions *mopts = inp->inp_moptions6; @@ -249,7 +249,7 @@ in6_pcbselsrc(struct in6_addr **in6src, struct sockaddr_in6 *dstsock, * an entry to the caller for later use. */ int -in6_selectsrc(struct in6_addr **in6src, struct sockaddr_in6 *dstsock, +in6_selectsrc(const struct in6_addr **in6src, struct sockaddr_in6 *dstsock, struct ip6_moptions *mopts, unsigned int rtableid) { struct ifnet *ifp = NULL; 
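Review bot: In in6_pcbconnect (sys/netinet6/in6_pcb.c), `inp_faddr6` and `inp_fport` are assigned before `mtx_enter(&table->inpt_mtx);`, so only the in_pcbrehash() call runs under the table mutex. If any lookup walks the hash holding just `inpt_mtx`, it could observe the new foreign address while the PCB still sits on its old chain; whether another lock covers these writes is not visible in the hunk. Placing `mtx_enter(&table->inpt_mtx);` before `inp->inp_faddr6 = sin6->sin6_addr;` would make the field update and the rehash a single step under the mutex. The function body starts and ends outside the hunks shown.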
diff --git a/sys/netinet6/ip6_output.c b/sys/netinet6/ip6_output.c index 96e0bea3b..8366d833c 100644 --- a/sys/netinet6/ip6_output.c +++ b/sys/netinet6/ip6_output.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip6_output.c,v 1.281 2023/11/28 13:23:20 bluhm Exp $ */ +/* $OpenBSD: ip6_output.c,v 1.282 2023/12/01 15:30:47 bluhm Exp $ */ /* $KAME: ip6_output.c,v 1.172 2001/03/25 09:55:56 itojun Exp $ */ /* @@ -1381,12 +1381,7 @@ do { \ error = EINVAL; break; } - if (inp->inp_lport) { - error = EBUSY; - break; - } - inp->inp_rtableid = rtid; - in_pcbrehash(inp); + error = in_pcbset_rtableid(inp, rtid); break; case IPV6_PIPEX: if (m != NULL && m->m_len == sizeof(int)) diff --git a/sys/netinet6/ip6_var.h b/sys/netinet6/ip6_var.h index f5b8839b2..ae7c7f925 100644 --- a/sys/netinet6/ip6_var.h +++ b/sys/netinet6/ip6_var.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ip6_var.h,v 1.107 2023/11/26 22:08:10 bluhm Exp $ */ +/* $OpenBSD: ip6_var.h,v 1.108 2023/12/01 14:08:04 bluhm Exp $ */ /* $KAME: ip6_var.h,v 1.33 2000/06/11 14:59:20 jinmei Exp $ */ /* @@ -365,9 +365,9 @@ int rip6_sysctl(int *, u_int, void *, size_t *, void *, size_t); int dest6_input(struct mbuf **, int *, int, int); int none_input(struct mbuf **, int *, int); -int in6_pcbselsrc(struct in6_addr **, struct sockaddr_in6 *, +int in6_pcbselsrc(const struct in6_addr **, struct sockaddr_in6 *, struct inpcb *, struct ip6_pktopts *); -int in6_selectsrc(struct in6_addr **, struct sockaddr_in6 *, +int in6_selectsrc(const struct in6_addr **, struct sockaddr_in6 *, struct ip6_moptions *, unsigned int); struct rtentry *in6_selectroute(struct sockaddr_in6 *, struct ip6_pktopts *, struct route_in6 *, unsigned int rtableid); diff --git a/sys/netinet6/raw_ip6.c b/sys/netinet6/raw_ip6.c index 0a91302e4..94bf4934c 100644 --- a/sys/netinet6/raw_ip6.c +++ b/sys/netinet6/raw_ip6.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: raw_ip6.c,v 1.175 2023/11/28 13:23:20 bluhm Exp $ */ +/* $OpenBSD: raw_ip6.c,v 1.176 2023/12/01 14:08:04 bluhm Exp $ */ /* $KAME: raw_ip6.c,v 1.69 2001/03/04 15:55:44 itojun Exp $ */ /* @@ -451,7 +451,7 @@ rip6_output(struct mbuf *m, struct socket *so, struct sockaddr *dstaddr, * Source address selection. */ { - struct in6_addr *in6a; + const struct in6_addr *in6a; error = in6_pcbselsrc(&in6a, satosin6(dstaddr), in6p, optp); if (error) @@ -683,7 +683,7 @@ rip6_connect(struct socket *so, struct mbuf *nam) { struct inpcb *in6p = sotoinpcb(so); struct sockaddr_in6 *addr; - struct in6_addr *in6a = NULL; + const struct in6_addr *in6a; int error; soassertlocked(so); diff --git a/sys/netinet6/udp6_output.c b/sys/netinet6/udp6_output.c index 876b9b753..4638c1e81 100644 --- a/sys/netinet6/udp6_output.c +++ b/sys/netinet6/udp6_output.c @@ -1,4 +1,4 @@ -/* $OpenBSD: udp6_output.c,v 1.61 2023/11/28 13:23:20 bluhm Exp $ */ +/* $OpenBSD: udp6_output.c,v 1.62 2023/12/01 14:08:04 bluhm Exp $ */ /* $KAME: udp6_output.c,v 1.21 2001/02/07 11:51:54 itojun Exp $ */ /* @@ -101,7 +101,7 @@ udp6_output(struct inpcb *in6p, struct mbuf *m, struct mbuf *addr6, int error = 0, priv = 0, hlen, flags; struct ip6_hdr *ip6; struct udphdr *udp6; - struct in6_addr *laddr, *faddr; + const struct in6_addr *laddr, *faddr; struct ip6_pktopts *optp, opt; struct sockaddr_in6 tmp, valid; struct proc *p = curproc; /* XXX */ diff --git a/sys/sys/mutex.h b/sys/sys/mutex.h index 22a375a0b..8bb039aeb 100644 --- a/sys/sys/mutex.h +++ b/sys/sys/mutex.h @@ -1,4 +1,4 @@ -/* $OpenBSD: mutex.h,v 1.18 2019/04/23 13:35:12 visa Exp $ */ +/* $OpenBSD: mutex.h,v 1.19 2023/12/01 14:37:22 bluhm Exp $ */ /* * Copyright (c) 2004 Artur Grabowski 
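Review bot: In rip6_connect (sys/netinet6/raw_ip6.c), `in6a` loses its `= NULL` initializer when it becomes `const struct in6_addr *in6a;`, and the same is done in in6_pcbconnect in sys/netinet6/in6_pcb.c. The pointer is then well-defined only if the source-selection call outside the hunk stores to it on every successful return, which cannot be confirmed from here. Keeping `const struct in6_addr *in6a = NULL;` costs nothing and turns a missed assignment into a NULL dereference instead of a read through an indeterminate pointer. rip6_connect continues outside the hunk.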
@@ -84,8 +84,8 @@ void __mtx_init(struct mutex *, int); panic("mutex %p held in %s", (mtx), __func__); \ } while (0) #else -#define MUTEX_ASSERT_LOCKED(mtx) do { } while (0) -#define MUTEX_ASSERT_UNLOCKED(mtx) do { } while (0) +#define MUTEX_ASSERT_LOCKED(mtx) do { (void)(mtx); } while (0) +#define MUTEX_ASSERT_UNLOCKED(mtx) do { (void)(mtx); } while (0) #endif #define MUTEX_LOCK_OBJECT(mtx) (&(mtx)->mtx_lock_obj) diff --git a/usr.sbin/makefs/msdos/msdosfs_vfsops.c b/usr.sbin/makefs/msdos/msdosfs_vfsops.c index 237cd392f..f00bf9ad1 100644 --- a/usr.sbin/makefs/msdos/msdosfs_vfsops.c +++ b/usr.sbin/makefs/msdos/msdosfs_vfsops.c @@ -1,4 +1,4 @@ -/* $OpenBSD: msdosfs_vfsops.c,v 1.13 2021/10/06 00:40:41 deraadt Exp $ */ +/* $OpenBSD: msdosfs_vfsops.c,v 1.14 2023/12/01 16:23:03 miod Exp $ */ /*- * Copyright (C) 1994, 1995, 1997 Wolfgang Solfrank. @@ -278,7 +278,8 @@ msdosfs_mount(struct mkfsvnode *devvp, int flags) DPRINTF(("%s(bread %lu)\n", __func__, (unsigned long)de_bn2kb(pmp, pmp->pm_fsinfo))); if ((error = bread(devvp, de_bn2kb(pmp, pmp->pm_fsinfo), - pmp->pm_BytesPerSec, 0, &bp)) != 0) + roundup(sizeof(struct fsinfo), pmp->pm_BytesPerSec), + 0, &bp)) != 0) goto error_exit; fp = (struct fsinfo *)bp->b_data; if (!memcmp(fp->fsisig1, "RRaA", 4) diff --git a/usr.sbin/relayd/relay_http.c b/usr.sbin/relayd/relay_http.c index 0216de027..e62ece35f 100644 --- a/usr.sbin/relayd/relay_http.c +++ b/usr.sbin/relayd/relay_http.c @@ -1,4 +1,4 @@ -/* $OpenBSD: relay_http.c,v 1.86 2023/11/29 15:35:07 millert Exp $ */ +/* $OpenBSD: relay_http.c,v 1.87 2023/12/01 16:48:40 millert Exp $ */ /* * Copyright (c) 2006 - 2016 Reyk Floeter 
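Review bot: In msdosfs_mount (usr.sbin/makefs/msdos/msdosfs_vfsops.c), the new read length `roundup(sizeof(struct fsinfo), pmp->pm_BytesPerSec)` has no comment saying why the read is no longer a single sector, although the signature checks that follow on `fp->fsisig1` depend on the buffer covering the whole structure. I would add `/* read enough whole sectors to cover struct fsinfo */` above the bread() call. roundup() presumably divides by `pm_BytesPerSec`, so also confirm that a zero sector size is rejected earlier in the function, which lies outside the hunk.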
@@ -413,24 +413,41 @@ relay_read_http(struct bufferevent *bev, void *arg) if (desc->http_method != HTTP_METHOD_NONE && strcasecmp("Content-Length", key) == 0) { - /* - * These methods should not have a body - * and thus no Content-Length header. - */ - if (desc->http_method == HTTP_METHOD_TRACE || - desc->http_method == HTTP_METHOD_CONNECT) { + switch (desc->http_method) { + case HTTP_METHOD_TRACE: + case HTTP_METHOD_CONNECT: + /* + * These methods should not have a body + * and thus no Content-Length header. + */ relay_abort_http(con, 400, "malformed", 0); goto abort; - } - /* - * HEAD responses may provide a Content-Length - * header, but if so it should just be ignored, - * since there is no actual payload in the - * response. - */ - if (desc->http_method != HTTP_METHOD_RESPONSE - || request_method != HTTP_METHOD_HEAD) { + case HTTP_METHOD_GET: + case HTTP_METHOD_HEAD: + case HTTP_METHOD_COPY: + case HTTP_METHOD_MOVE: + /* + * We strip the body (if present) from + * the GET, HEAD, COPY and MOVE methods + * so strip Content-Length too. + */ + kv_delete(&desc->http_headers, + desc->http_lastheader); + break; + case HTTP_METHOD_RESPONSE: + /* + * Strip Content-Length header from + * HEAD responses since there is no + * actual payload in the response. + */ + if (request_method == HTTP_METHOD_HEAD) { + kv_delete(&desc->http_headers, + desc->http_lastheader); + break; + } + /* FALLTHROUGH */ + default: /* * Need to read data from the client * after the HTTP header. @@ -450,6 +467,7 @@ relay_read_http(struct bufferevent *bev, void *arg) errstr, 0); goto abort; } + break; } /* * Response with a status code of 1xx diff --git a/usr.sbin/smtpd/parse.y b/usr.sbin/smtpd/parse.y index 7025011a3..a485457e1 100644 --- a/usr.sbin/smtpd/parse.y +++ b/usr.sbin/smtpd/parse.y @@ -1,4 +1,4 @@ -/* $OpenBSD: parse.y,v 1.292 2023/05/10 07:19:49 op Exp $ */ +/* $OpenBSD: parse.y,v 1.293 2023/12/01 09:25:49 op Exp $ */ /* * Copyright (c) 2008 Gilles Chehade 
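Review bot: In relay_read_http (usr.sbin/relayd/relay_http.c), both new `kv_delete(&desc->http_headers, desc->http_lastheader);` calls leave `desc->http_lastheader` pointing at the entry that was just removed. If kv_delete() frees the entry and a later line of the same message is processed through `http_lastheader` (neither is visible in this hunk), that would be a stale-pointer access reachable from peer-supplied headers. Setting `desc->http_lastheader = NULL;` right after each kv_delete() would close that off, provided the other users of the field tolerate NULL. The function starts and ends outside the hunk.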
@@ -251,7 +251,7 @@ varset : STRING '=' STRING { } ; -comma : ',' +comma : ',' optnl | nl | /* empty */ ; @@ -277,7 +277,7 @@ keyval : STRING assign STRING { } ; -keyval_list : keyval +keyval_list : keyval optnl | keyval comma keyval_list ; @@ -287,7 +287,7 @@ stringel : STRING { } ; -string_list : stringel +string_list : stringel optnl | stringel comma string_list ; @@ -936,7 +936,7 @@ HELO STRING { filter_config->filter_subsystem |= FILTER_SUBSYSTEM_SMTP_OUT; dict_init(&filter_config->chain_procs); dsp->u.remote.filtername = filtername; -} '{' filter_list '}' { +} '{' optnl filter_list '}' { dict_set(conf->sc_filters_dict, dsp->u.remote.filtername, filter_config); filter_config = NULL; } @@ -1887,7 +1887,7 @@ STRING { ; filter_list: -filterel +filterel optnl | filterel comma filter_list ; @@ -1959,7 +1959,7 @@ FILTER STRING CHAIN { filter_config = xcalloc(1, sizeof *filter_config); filter_config->filter_type = FILTER_TYPE_CHAIN; dict_init(&filter_config->chain_procs); -} '{' filter_list '}' { +} '{' optnl filter_list '}' { dict_set(conf->sc_filters_dict, $2, filter_config); filter_config = NULL; } @@ -2140,7 +2140,7 @@ opt_sock_listen : FILTER STRING { filter_config->filter_type = FILTER_TYPE_CHAIN; filter_config->filter_subsystem |= FILTER_SUBSYSTEM_SMTP_IN; dict_init(&filter_config->chain_procs); - } '{' filter_list '}' { + } '{' optnl filter_list '}' { dict_set(conf->sc_filters_dict, listen_opts.filtername, filter_config); filter_config = NULL; } @@ -2278,7 +2278,7 @@ opt_if_listen : INET4 { filter_config->filter_type = FILTER_TYPE_CHAIN; filter_config->filter_subsystem |= FILTER_SUBSYSTEM_SMTP_IN; dict_init(&filter_config->chain_procs); - } '{' filter_list '}' { + } '{' optnl filter_list '}' { dict_set(conf->sc_filters_dict, listen_opts.filtername, filter_config); filter_config = NULL; } 
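Review bot: In usr.sbin/smtpd/parse.y, a newline after a list element can now be matched two ways: as the new trailing `optnl` in `keyval_list : keyval optnl` (likewise `string_list` and `filter_list`), or as the existing `nl` alternative of `comma` followed by another element. Whether yacc resolves this without new shift/reduce conflicts depends on how `nl` and `optnl` are defined, which is outside these hunks, so the conflict count should be compared before and after the change. A short comment on `comma`, for example `/* a separator may be followed by newlines; a list may end with newlines */`, would document the intended layout.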
@@ -2567,7 +2567,7 @@ table : TABLE STRING STRING { | TABLE STRING { table = table_create(conf, "static", $2, NULL); free($2); - } '{' tableval_list '}' { + } '{' optnl tableval_list '}' { table = NULL; } ; @@ -2580,7 +2580,7 @@ tablenew : STRING { free($1); $$ = t; } - | '{' { + | '{' optnl { table = table_create(conf, "static", NULL, NULL); } tableval_list '}' { $$ = table;