sync with OpenBSD -current

purplerain 2024-01-12 01:27:06 +00:00
parent caf62be22c
commit b3ecf9fa9a
Signed by: purplerain
GPG Key ID: F42C07F07E2E35B7
56 changed files with 383 additions and 289 deletions


@ -2699,6 +2699,7 @@ in the instruction. */
BFD_RELOC_386_TLS_GOTDESC,
BFD_RELOC_386_TLS_DESC_CALL,
BFD_RELOC_386_TLS_DESC,
BFD_RELOC_386_GOT32X,
/* x86-64/elf relocations */
BFD_RELOC_X86_64_GOT32,


@ -136,9 +136,14 @@ static reloc_howto_type elf_howto_table[]=
HOWTO(R_386_TLS_DESC, 0, 2, 32, FALSE, 0, complain_overflow_bitfield,
bfd_elf_generic_reloc, "R_386_TLS_DESC",
TRUE, 0xffffffff, 0xffffffff, FALSE),
EMPTY_HOWTO (42), /* R_386_IRELATIVE */
HOWTO(R_386_GOT32X, 0, 2, 32, FALSE, 0, complain_overflow_bitfield,
bfd_elf_generic_reloc, "R_386_GOT32X",
TRUE, 0xffffffff, 0xffffffff, FALSE),
/* Another gap. */
#define R_386_tls (R_386_TLS_DESC + 1 - R_386_tls_offset)
/* XXX R_386_GOT32X isn't really a TLS relocation */
#define R_386_tls (R_386_GOT32X + 1 - R_386_tls_offset)
#define R_386_vt_offset (R_386_GNU_VTINHERIT - R_386_tls)
/* GNU extension to record C++ vtable hierarchy. */
@ -314,6 +319,10 @@ elf_i386_reloc_type_lookup (bfd *abfd ATTRIBUTE_UNUSED,
TRACE ("BFD_RELOC_386_TLS_DESC");
return &elf_howto_table[R_386_TLS_DESC - R_386_tls_offset];
case BFD_RELOC_386_GOT32X:
TRACE ("BFD_RELOC_386_GOT32X");
return &elf_howto_table[R_386_GOT32X - R_386_tls_offset];
case BFD_RELOC_VTABLE_INHERIT:
TRACE ("BFD_RELOC_VTABLE_INHERIT");
return &elf_howto_table[R_386_GNU_VTINHERIT - R_386_vt_offset];
@ -993,6 +1002,7 @@ elf_i386_check_relocs (bfd *abfd,
/* Fall through */
case R_386_GOT32:
case R_386_GOT32X:
case R_386_TLS_GD:
case R_386_TLS_GOTDESC:
case R_386_TLS_DESC_CALL:
@ -1004,6 +1014,7 @@ elf_i386_check_relocs (bfd *abfd,
{
default:
case R_386_GOT32: tls_type = GOT_NORMAL; break;
case R_386_GOT32X: tls_type = GOT_NORMAL; break;
case R_386_TLS_GD: tls_type = GOT_TLS_GD; break;
case R_386_TLS_GOTDESC:
case R_386_TLS_DESC_CALL:
@ -1392,6 +1403,7 @@ elf_i386_gc_sweep_hook (bfd *abfd,
case R_386_TLS_IE:
case R_386_TLS_GOTIE:
case R_386_GOT32:
case R_386_GOT32X:
if (h != NULL)
{
if (h->got.refcount > 0)
@ -2452,6 +2464,7 @@ elf_i386_relocate_section (bfd *output_bfd,
switch (r_type)
{
case R_386_GOT32:
case R_386_GOT32X:
/* Relocation is to the entry for this symbol in the global
offset table. */
if (htab->sgot == NULL)


@ -1050,6 +1050,7 @@ static const char *const bfd_reloc_code_real_names[] = { "@@uninitialized@@",
"BFD_RELOC_386_TLS_GOTDESC",
"BFD_RELOC_386_TLS_DESC_CALL",
"BFD_RELOC_386_TLS_DESC",
"BFD_RELOC_386_GOT32X",
"BFD_RELOC_X86_64_GOT32",
"BFD_RELOC_X86_64_PLT32",
"BFD_RELOC_X86_64_COPY",


@ -1313,6 +1313,7 @@ tc_i386_fix_adjustable (fixP)
if (fixP->fx_r_type == BFD_RELOC_386_GOTOFF
|| fixP->fx_r_type == BFD_RELOC_386_PLT32
|| fixP->fx_r_type == BFD_RELOC_386_GOT32
|| fixP->fx_r_type == BFD_RELOC_386_GOT32X
|| fixP->fx_r_type == BFD_RELOC_386_TLS_GD
|| fixP->fx_r_type == BFD_RELOC_386_TLS_LDM
|| fixP->fx_r_type == BFD_RELOC_386_TLS_LDO_32
@ -5142,6 +5143,7 @@ md_apply_fix (fixP, valP, seg)
return;
case BFD_RELOC_386_GOT32:
case BFD_RELOC_386_GOT32X:
case BFD_RELOC_X86_64_GOT32:
value = 0; /* Fully resolved at runtime. No addend. */
break;
@ -5708,6 +5710,7 @@ tc_gen_reloc (section, fixp)
case BFD_RELOC_X86_64_GOTPCREL:
case BFD_RELOC_386_PLT32:
case BFD_RELOC_386_GOT32:
case BFD_RELOC_386_GOT32X:
case BFD_RELOC_386_GOTOFF:
case BFD_RELOC_386_GOTPC:
case BFD_RELOC_386_TLS_GD:


@ -445,6 +445,7 @@ extern int tc_i386_fix_adjustable PARAMS ((struct fix *));
|| (FIX)->fx_plt \
|| (FIX)->fx_r_type == BFD_RELOC_386_PLT32 \
|| (FIX)->fx_r_type == BFD_RELOC_386_GOT32 \
|| (FIX)->fx_r_type == BFD_RELOC_386_GOT32X \
|| (FIX)->fx_r_type == BFD_RELOC_386_GOTPC \
|| (FIX)->fx_r_type == BFD_RELOC_X86_64_GOTPCREL \
|| TC_FORCE_RELOCATION (FIX))


@ -66,6 +66,7 @@ START_RELOC_NUMBERS (elf_i386_reloc_type)
RELOC_NUMBER (R_386_TLS_GOTDESC, 39)
RELOC_NUMBER (R_386_TLS_DESC_CALL,40)
RELOC_NUMBER (R_386_TLS_DESC, 41)
RELOC_NUMBER (R_386_GOT32X, 43) /* 32 bit GOT entry */
/* Used by Intel. */
RELOC_NUMBER (R_386_USED_BY_INTEL_200, 200)


@ -1,4 +1,4 @@
/* $OpenBSD: evp_test.c,v 1.13 2023/12/31 01:31:07 tb Exp $ */
/* $OpenBSD: evp_test.c,v 1.14 2024/01/11 16:45:26 tb Exp $ */
/*
* Copyright (c) 2022 Joel Sing <jsing@openbsd.org>
* Copyright (c) 2023 Theo Buehler <tb@openbsd.org>
@ -260,42 +260,6 @@ evp_asn1_method_aliases_test(void)
return failed;
}
static int
evp_pkey_method_test(void)
{
const EVP_PKEY_METHOD *method;
int pkey_id;
int failed = 1;
if ((method = EVP_PKEY_meth_find(EVP_PKEY_RSA)) == NULL) {
fprintf(stderr, "FAIL: failed to find RSA method\n");
goto failure;
}
EVP_PKEY_meth_get0_info(&pkey_id, NULL, method);
if (pkey_id != EVP_PKEY_RSA) {
fprintf(stderr, "FAIL: method ID mismatch (%d != %d)\n",
pkey_id, EVP_PKEY_RSA);
goto failure;
}
if ((method = EVP_PKEY_meth_find(EVP_PKEY_RSA_PSS)) == NULL) {
fprintf(stderr, "FAIL: failed to find RSA-PSS method\n");
goto failure;
}
EVP_PKEY_meth_get0_info(&pkey_id, NULL, method);
if (pkey_id != EVP_PKEY_RSA_PSS) {
fprintf(stderr, "FAIL: method ID mismatch (%d != %d)\n",
pkey_id, EVP_PKEY_RSA_PSS);
goto failure;
}
failed = 0;
failure:
return failed;
}
static const struct evp_iv_len_test {
const EVP_CIPHER *(*cipher)(void);
int iv_len;
@ -789,7 +753,6 @@ main(int argc, char **argv)
failed |= evp_asn1_method_test();
failed |= evp_asn1_method_aliases_test();
failed |= evp_pkey_method_test();
failed |= evp_pkey_iv_len_test();
failed |= evp_do_all_test();
failed |= evp_aliases_test();


@ -1,4 +1,4 @@
# $OpenBSD: Makefile,v 1.131 2023/12/18 14:50:08 djm Exp $
# $OpenBSD: Makefile,v 1.133 2024/01/11 04:50:28 djm Exp $
OPENSSL?= yes
@ -168,24 +168,30 @@ t5:
awk '{print $$2}' | diff - ${.CURDIR}/t5.ok
t6:
ssh-keygen -if ${.CURDIR}/dsa_ssh2.prv > t6.out1
ssh-keygen -if ${.CURDIR}/dsa_ssh2.pub > t6.out2
chmod 600 t6.out1
ssh-keygen -yf t6.out1 | diff - t6.out2
set -xe ; if ssh -Q key | grep -q ^ssh-dss ; then \
ssh-keygen -if ${.CURDIR}/dsa_ssh2.prv > t6.out1 ; \
ssh-keygen -if ${.CURDIR}/dsa_ssh2.pub > t6.out2 ; \
chmod 600 t6.out1 ; \
ssh-keygen -yf t6.out1 | diff - t6.out2 ; \
fi
t7.out:
ssh-keygen -q -t rsa -N '' -f $@
ssh-keygen -q -t rsa -N '' -f $@ ; \
t7: t7.out
ssh-keygen -lf t7.out > /dev/null
ssh-keygen -Bf t7.out > /dev/null
t8.out:
ssh-keygen -q -t dsa -N '' -f $@
set -xe ; if ssh -Q key | grep -q ^ssh-dss ; then \
ssh-keygen -q -t dsa -N '' -f $@ ; \
fi
t8: t8.out
ssh-keygen -lf t8.out > /dev/null
ssh-keygen -Bf t8.out > /dev/null
set -xe ; if ssh -Q key | grep -q ^ssh-dss ; then \
ssh-keygen -lf t8.out > /dev/null ; \
ssh-keygen -Bf t8.out > /dev/null ; \
fi
t9.out:
ssh-keygen -q -t ecdsa -N '' -f $@
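Review bot: The rewritten `t7.out` recipe line ends in `; \`, which leaves a trailing shell separator and a line continuation with no command after it; unlike `t6` and `t8` there is no `if ... fi` wrapper for it to belong to. make joins a continued recipe line with whatever physical line follows, so the recipe now depends on the next line staying empty. Assuming the second printed copy is the new side, it should stay `ssh-keygen -q -t rsa -N '' -f $@`. Separately, when `ssh -Q key` does not list `ssh-dss` the `t6` and `t8` recipes do nothing and still succeed, so an `else echo "SKIPPED: DSA not supported" ; \` branch would keep the dropped coverage visible in the regress log.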


@ -1,4 +1,4 @@
# $OpenBSD: Makefile.inc,v 1.15 2023/09/24 08:14:13 claudio Exp $
# $OpenBSD: Makefile.inc,v 1.16 2024/01/11 01:45:58 djm Exp $
.include <bsd.own.mk>
.include <bsd.obj.mk>
@ -13,6 +13,11 @@ TEST_ENV?= MALLOC_OPTIONS=${MALLOC_OPTIONS}
# XXX detect from ssh binary?
OPENSSL?= yes
DSAKEY?= yes
.if (${DSAKEY:L} == "yes")
CFLAGS+= -DWITH_DSA
.endif
.if (${OPENSSL:L} == "yes")
CFLAGS+= -DWITH_OPENSSL


@ -1,4 +1,4 @@
/* $OpenBSD: test_iterate.c,v 1.8 2021/12/14 21:25:27 deraadt Exp $ */
/* $OpenBSD: test_iterate.c,v 1.9 2024/01/11 01:45:58 djm Exp $ */
/*
* Regress test for hostfile.h hostkeys_foreach()
*
@ -52,7 +52,7 @@ check(struct hostkey_foreach_line *l, void *_ctx)
int parse_key = (ctx->flags & HKF_WANT_PARSE_KEY) != 0;
const int matching = (ctx->flags & HKF_WANT_MATCH) != 0;
u_int expected_status, expected_match;
int expected_keytype;
int expected_keytype, skip = 0;
test_subtest_info("entry %zu/%zu, file line %ld",
ctx->i + 1, ctx->nexpected, l->linenum);
@ -85,6 +85,17 @@ check(struct hostkey_foreach_line *l, void *_ctx)
expected_keytype = (parse_key || expected->no_parse_keytype < 0) ?
expected->l.keytype : expected->no_parse_keytype;
#ifndef WITH_DSA
if (expected->l.keytype == KEY_DSA ||
expected->no_parse_keytype == KEY_DSA)
skip = 1;
#endif
if (skip) {
expected_status = HKF_STATUS_INVALID;
expected_keytype = KEY_UNSPEC;
parse_key = 0;
}
UPDATE_MATCH_STATUS(match_host_p);
UPDATE_MATCH_STATUS(match_host_s);
UPDATE_MATCH_STATUS(match_ipv4);
@ -128,6 +139,10 @@ prepare_expected(struct expected *expected, size_t n)
for (i = 0; i < n; i++) {
if (expected[i].key_file == NULL)
continue;
#ifndef WITH_DSA
if (expected[i].l.keytype == KEY_DSA)
continue;
#endif
ASSERT_INT_EQ(sshkey_load_public(
test_data_file(expected[i].key_file), &expected[i].l.key,
NULL), 0);


@ -1,4 +1,4 @@
/* $OpenBSD: test_kex.c,v 1.6 2021/12/14 21:25:27 deraadt Exp $ */
/* $OpenBSD: test_kex.c,v 1.7 2024/01/11 01:45:58 djm Exp $ */
/*
* Regress test KEX
*
@ -170,7 +170,9 @@ static void
do_kex(char *kex)
{
do_kex_with_key(kex, KEY_RSA, 2048);
#ifdef WITH_DSA
do_kex_with_key(kex, KEY_DSA, 1024);
#endif
do_kex_with_key(kex, KEY_ECDSA, 256);
do_kex_with_key(kex, KEY_ED25519, 256);
}


@ -1,4 +1,4 @@
/* $OpenBSD: test_file.c,v 1.10 2021/12/14 21:25:27 deraadt Exp $ */
/* $OpenBSD: test_file.c,v 1.11 2024/01/11 01:45:58 djm Exp $ */
/*
* Regress test for sshkey.h key management API
*
@ -154,6 +154,7 @@ sshkey_file_tests(void)
sshkey_free(k1);
#ifdef WITH_DSA
TEST_START("parse DSA from private");
buf = load_file("dsa_1");
ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0);
@ -244,6 +245,7 @@ sshkey_file_tests(void)
TEST_DONE();
sshkey_free(k1);
#endif
TEST_START("parse ECDSA from private");
buf = load_file("ecdsa_1");


@ -1,4 +1,4 @@
/* $OpenBSD: test_fuzz.c,v 1.13 2021/12/14 21:25:27 deraadt Exp $ */
/* $OpenBSD: test_fuzz.c,v 1.14 2024/01/11 01:45:58 djm Exp $ */
/*
* Fuzz tests for key parsing
*
@ -152,6 +152,7 @@ sshkey_fuzz_tests(void)
fuzz_cleanup(fuzz);
TEST_DONE();
#ifdef WITH_DSA
TEST_START("fuzz DSA private");
buf = load_file("dsa_1");
fuzz = fuzz_begin(FUZZ_BASE64, sshbuf_mutable_ptr(buf),
@ -195,6 +196,7 @@ sshkey_fuzz_tests(void)
sshbuf_free(fuzzed);
fuzz_cleanup(fuzz);
TEST_DONE();
#endif
TEST_START("fuzz ECDSA private");
buf = load_file("ecdsa_1");
@ -276,6 +278,7 @@ sshkey_fuzz_tests(void)
sshkey_free(k1);
TEST_DONE();
#ifdef WITH_DSA
TEST_START("fuzz DSA public");
buf = load_file("dsa_1");
ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0);
@ -289,6 +292,7 @@ sshkey_fuzz_tests(void)
public_fuzz(k1);
sshkey_free(k1);
TEST_DONE();
#endif
TEST_START("fuzz ECDSA public");
buf = load_file("ecdsa_1");
@ -342,6 +346,7 @@ sshkey_fuzz_tests(void)
sshkey_free(k1);
TEST_DONE();
#ifdef WITH_DSA
TEST_START("fuzz DSA sig");
buf = load_file("dsa_1");
ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0);
@ -349,6 +354,7 @@ sshkey_fuzz_tests(void)
sig_fuzz(k1, NULL);
sshkey_free(k1);
TEST_DONE();
#endif
TEST_START("fuzz ECDSA sig");
buf = load_file("ecdsa_1");


@ -1,4 +1,4 @@
/* $OpenBSD: test_sshkey.c,v 1.23 2023/01/04 22:48:57 tb Exp $ */
/* $OpenBSD: test_sshkey.c,v 1.24 2024/01/11 01:45:58 djm Exp $ */
/*
* Regress test for sshkey.h key management API
*
@ -170,8 +170,9 @@ get_private(const char *n)
void
sshkey_tests(void)
{
struct sshkey *k1, *k2, *k3, *k4, *kr, *kd, *ke, *kf;
struct sshbuf *b;
struct sshkey *k1 = NULL, *k2 = NULL, *k3 = NULL, *k4 = NULL;
struct sshkey *kr = NULL, *kd = NULL, *ke = NULL, *kf = NULL;
struct sshbuf *b = NULL;
TEST_START("new invalid");
k1 = sshkey_new(-42);
@ -191,12 +192,14 @@ sshkey_tests(void)
sshkey_free(k1);
TEST_DONE();
#ifdef WiTH_DSA
TEST_START("new/free KEY_DSA");
k1 = sshkey_new(KEY_DSA);
ASSERT_PTR_NE(k1, NULL);
ASSERT_PTR_NE(k1->dsa, NULL);
sshkey_free(k1);
TEST_DONE();
#endif
TEST_START("new/free KEY_ECDSA");
k1 = sshkey_new(KEY_ECDSA);
@ -226,12 +229,14 @@ sshkey_tests(void)
ASSERT_PTR_EQ(k1, NULL);
TEST_DONE();
#ifdef WITH_DSA
TEST_START("generate KEY_DSA wrong bits");
ASSERT_INT_EQ(sshkey_generate(KEY_DSA, 2048, &k1),
SSH_ERR_KEY_LENGTH);
ASSERT_PTR_EQ(k1, NULL);
sshkey_free(k1);
TEST_DONE();
#endif
TEST_START("generate KEY_ECDSA wrong bits");
ASSERT_INT_EQ(sshkey_generate(KEY_ECDSA, 42, &k1),
@ -252,6 +257,7 @@ sshkey_tests(void)
ASSERT_INT_EQ(BN_num_bits(rsa_n(kr)), 1024);
TEST_DONE();
#ifdef WITH_DSA
TEST_START("generate KEY_DSA");
ASSERT_INT_EQ(sshkey_generate(KEY_DSA, 1024, &kd), 0);
ASSERT_PTR_NE(kd, NULL);
@ -259,6 +265,7 @@ sshkey_tests(void)
ASSERT_PTR_NE(dsa_g(kd), NULL);
ASSERT_PTR_NE(dsa_priv_key(kd), NULL);
TEST_DONE();
#endif
TEST_START("generate KEY_ECDSA");
ASSERT_INT_EQ(sshkey_generate(KEY_ECDSA, 256, &ke), 0);
@ -292,6 +299,7 @@ sshkey_tests(void)
sshkey_free(k1);
TEST_DONE();
#ifdef WITH_DSA
TEST_START("demote KEY_DSA");
ASSERT_INT_EQ(sshkey_from_private(kd, &k1), 0);
ASSERT_PTR_NE(k1, NULL);
@ -306,6 +314,7 @@ sshkey_tests(void)
ASSERT_INT_EQ(sshkey_equal(kd, k1), 1);
sshkey_free(k1);
TEST_DONE();
#endif
TEST_START("demote KEY_ECDSA");
ASSERT_INT_EQ(sshkey_from_private(ke, &k1), 0);
@ -349,9 +358,6 @@ sshkey_tests(void)
ASSERT_INT_EQ(sshkey_generate(KEY_RSA, 1024, &k1), 0);
ASSERT_INT_EQ(sshkey_equal(kr, k1), 0);
sshkey_free(k1);
ASSERT_INT_EQ(sshkey_generate(KEY_DSA, 1024, &k1), 0);
ASSERT_INT_EQ(sshkey_equal(kd, k1), 0);
sshkey_free(k1);
ASSERT_INT_EQ(sshkey_generate(KEY_ECDSA, 256, &k1), 0);
ASSERT_INT_EQ(sshkey_equal(ke, k1), 0);
sshkey_free(k1);
@ -438,6 +444,7 @@ sshkey_tests(void)
sshkey_free(k2);
TEST_DONE();
#ifdef WITH_DSA
TEST_START("sign and verify DSA");
k1 = get_private("dsa_1");
ASSERT_INT_EQ(sshkey_load_public(test_data_file("dsa_2.pub"), &k2,
@ -446,6 +453,7 @@ sshkey_tests(void)
sshkey_free(k1);
sshkey_free(k2);
TEST_DONE();
#endif
TEST_START("sign and verify ECDSA");
k1 = get_private("ecdsa_1");
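Review bot: The guard added around the "new/free KEY_DSA" test is spelled `#ifdef WiTH_DSA` (lower-case i), while the regress Makefile.inc defines `-DWITH_DSA` and every other guard in this file uses `WITH_DSA`, so this test is compiled out even when DSA support is enabled. It should read `#ifdef WITH_DSA`. Because an undefined macro in `#ifdef` is not an error, the compiler gives no diagnostic and the lost coverage is silent. sshkey_tests() starts and continues outside the hunks shown.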


@ -1,4 +1,4 @@
/* $OpenBSD: tests.c,v 1.3 2021/12/14 21:25:27 deraadt Exp $ */
/* $OpenBSD: tests.c,v 1.4 2024/01/11 01:45:59 djm Exp $ */
/*
* Regress test for sshbuf.h buffer API
*
@ -94,9 +94,11 @@ tests(void)
check_sig("rsa.pub", "rsa.sig", msg, namespace);
TEST_DONE();
#ifdef WITH_DSA
TEST_START("check DSA signature");
check_sig("dsa.pub", "dsa.sig", msg, namespace);
TEST_DONE();
#endif
TEST_START("check ECDSA signature");
check_sig("ecdsa.pub", "ecdsa.sig", msg, namespace);


@ -1,4 +1,4 @@
.\" $OpenBSD: ifconfig.8,v 1.398 2023/07/18 16:01:20 bluhm Exp $
.\" $OpenBSD: ifconfig.8,v 1.399 2024/01/11 17:22:04 jan Exp $
.\" $NetBSD: ifconfig.8,v 1.11 1996/01/04 21:27:29 pk Exp $
.\" $FreeBSD: ifconfig.8,v 1.16 1998/02/01 07:03:29 steve Exp $
.\"
@ -31,7 +31,7 @@
.\"
.\" @(#)ifconfig.8 8.4 (Berkeley) 6/1/94
.\"
.Dd $Mdocdate: July 18 2023 $
.Dd $Mdocdate: January 11 2024 $
.Dt IFCONFIG 8
.Os
.Sh NAME
@ -269,15 +269,6 @@ The device supports IPv4 checksum offload.
As above, for TCP in IPv4 datagrams.
.It Sy CSUM_UDPv4
As above, for UDP.
.It Sy VLAN_MTU
The device can handle full sized frames, plus the size
of the
.Xr vlan 4
tag.
.It Sy VLAN_HWTAGGING
On transmit, the device can add the
.Xr vlan 4
tag.
.It Sy CSUM_TCPv6
As CSUM_TCPv4, but supports IPv6 datagrams.
.It Sy CSUM_UDPv6
@ -294,6 +285,15 @@ variable
to disable this feature.
.It Sy TSOv6
As above, for IPv6.
.It Sy VLAN_MTU
The device can handle full sized frames, plus the size
of the
.Xr vlan 4
tag.
.It Sy VLAN_HWTAGGING
On transmit, the device can add the
.Xr vlan 4
tag.
.It Sy WOL
The device supports Wake on LAN (WoL).
.It Sy hardmtu


@ -1,4 +1,4 @@
# $OpenBSD: airport,v 1.92 2023/08/07 08:22:52 mbuhl Exp $
# $OpenBSD: airport,v 1.93 2024/01/11 07:59:43 deraadt Exp $
# @(#)airport 8.1 (Berkeley) 6/8/93
#
# Some of this information from the Airport Search Engine at
@ -1116,7 +1116,6 @@ MKL:Mc Kellar Field, Jackson, Tennessee, USA
MKM:Mukah, Sarawak, Malaysia
MKW:Rendani, Manokwari, Indonesia
MKY:Mackay, Queensland, Australia
MLN:Melilla, Spain
MLA:Luqa, Malta, Malta
MLB:Melbourne, Florida, USA
MLE:Male International, Maldives
@ -1124,6 +1123,7 @@ MLG:Malang, Indonesia
MLH:Mulhouse/Basel Euroairport, France
MLI:Moline Quad City, Alabama, USA
MLM:Morelia Municipal, Michoacan, Mexico
MLN:Melilla, Spain
MLO:Milos, Greece
MLS:Miles City, Montana, USA
MLU:Monroe, Louisiana, USA
@ -1859,6 +1859,7 @@ XDM:Drummondville, Quebec, Canada
XFD:Stratford, Ontario, Canada
XFW:Hamburg-Finkenwerder, Hamburg, Germany
XIY:Xianyang, Xi An, China
XKH:Xieng Khouang, Phonsavan, Laos
XLV:Niagara Falls, Ontario, Canada
XLZ:Truro, Nova Scotia, Canada
XMN:Xiamen International, China


@ -1,4 +1,4 @@
/* $OpenBSD: trap.c,v 1.102 2023/12/12 15:30:55 deraadt Exp $ */
/* $OpenBSD: trap.c,v 1.103 2024/01/11 19:16:26 miod Exp $ */
/* $NetBSD: trap.c,v 1.2 2003/05/04 23:51:56 fvdl Exp $ */
/*-
@ -550,12 +550,10 @@ ast(struct trapframe *frame)
void
syscall(struct trapframe *frame)
{
caddr_t params;
const struct sysent *callp;
struct proc *p;
int error = ENOSYS;
size_t argsize, argoff;
register_t code, args[9], rval[2], *argp;
register_t code, args[6], rval[2], *argp;
verify_smap(__func__);
uvmexp.syscalls++;
@ -568,36 +566,23 @@ syscall(struct trapframe *frame)
code = frame->tf_rax;
argp = &args[0];
argoff = 0;
if (code <= 0 || code >= SYS_MAXSYSCALL)
goto bad;
callp = sysent + code;
argsize = (callp->sy_argsize >> 3) + argoff;
if (argsize) {
switch (MIN(argsize, 6)) {
case 6:
args[5] = frame->tf_r9;
case 5:
args[4] = frame->tf_r8;
case 4:
args[3] = frame->tf_r10;
case 3:
args[2] = frame->tf_rdx;
case 2:
args[1] = frame->tf_rsi;
case 1:
args[0] = frame->tf_rdi;
break;
default:
panic("impossible syscall argsize");
}
if (argsize > 6) {
argsize -= 6;
params = (caddr_t)frame->tf_rsp + sizeof(register_t);
if ((error = copyin(params, &args[6], argsize << 3)))
goto bad;
}
switch (callp->sy_narg) {
case 6:
args[5] = frame->tf_r9;
case 5:
args[4] = frame->tf_r8;
case 4:
args[3] = frame->tf_r10;
case 3:
args[2] = frame->tf_rdx;
case 2:
args[1] = frame->tf_rsi;
case 1:
args[0] = frame->tf_rdi;
}
rval[0] = 0;
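Review bot: In syscall(), `args` shrinks to six entries and the new `switch (callp->sy_narg)` has no `default`, so a sysent entry declaring more than six arguments would match no case and leave `args[]` unfilled, where the old code fetched the extra words with copyin(). Presumably no entry in the table takes more than six arguments any more, but nothing in this hunk enforces that; a `KASSERT(callp->sy_narg <= nitems(args));` before the switch would keep the invariant checked instead of handing uninitialized kernel stack to a handler. The case labels fall through on purpose and would read better with `/* FALLTHROUGH */` markers. The same bound is dropped in svc_handler() in the syscall.c section, where `KASSERT(nargs <= MAXARGS)` is removed and `args` now points straight at `frame->tf_x[0]`. Both function bodies continue outside the hunks.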


@ -1,4 +1,4 @@
/* $OpenBSD: vmm_machdep.c,v 1.14 2024/01/10 04:13:59 dv Exp $ */
/* $OpenBSD: vmm_machdep.c,v 1.15 2024/01/11 17:13:48 jan Exp $ */
/*
* Copyright (c) 2014 Mike Larkin <mlarkin@openbsd.org>
*
@ -158,7 +158,6 @@ static int vmx_remote_vmclear(struct cpu_info*, struct vcpu *);
#endif
#ifdef VMM_DEBUG
void dump_vcpu(struct vcpu *);
void vmx_vcpu_dump_regs(struct vcpu *);
void vmx_dump_vmcs(struct vcpu *);
const char *msr_name_decode(uint32_t);


@ -1,4 +1,4 @@
/* $OpenBSD: syscall.c,v 1.17 2023/12/13 15:57:22 miod Exp $ */
/* $OpenBSD: syscall.c,v 1.18 2024/01/11 19:16:26 miod Exp $ */
/*
* Copyright (c) 2015 Dale Rahn <drahn@dalerahn.com>
*
@ -26,16 +26,14 @@
#include <uvm/uvm_extern.h>
#define MAXARGS 8
void
svc_handler(trapframe_t *frame)
{
struct proc *p = curproc;
const struct sysent *callp;
int code, error = ENOSYS;
u_int nap = 8, nargs;
register_t *ap, *args, copyargs[MAXARGS], rval[2];
u_int nargs;
register_t *args, rval[2];
uvmexp.syscalls++;
@ -47,24 +45,12 @@ svc_handler(trapframe_t *frame)
frame->tf_elr += 8;
code = frame->tf_x[8];
ap = &frame->tf_x[0];
if (code <= 0 || code >= SYS_MAXSYSCALL)
goto bad;
callp = sysent + code;
nargs = callp->sy_argsize / sizeof(register_t);
if (nargs <= nap) {
args = ap;
} else {
KASSERT(nargs <= MAXARGS);
memcpy(copyargs, ap, nap * sizeof(register_t));
if ((error = copyin((void *)frame->tf_sp, copyargs + nap,
(nargs - nap) * sizeof(register_t))))
goto bad;
args = copyargs;
}
nargs = callp->sy_narg;
args = &frame->tf_x[0];
rval[0] = 0;
rval[1] = 0;


@ -1,4 +1,4 @@
/* $OpenBSD: if_qwx_pci.c,v 1.1 2023/12/28 17:36:29 stsp Exp $ */
/* $OpenBSD: if_qwx_pci.c,v 1.2 2024/01/11 09:52:19 stsp Exp $ */
/*
* Copyright 2023 Stefan Sperling <stsp@openbsd.org>
@ -455,6 +455,7 @@ int qwx_mhi_await_device_ready(struct qwx_softc *);
void qwx_mhi_ready_state_transition(struct qwx_pci_softc *);
void qwx_mhi_ee_amss_state_transition(struct qwx_pci_softc *);
void qwx_mhi_mission_mode_state_transition(struct qwx_pci_softc *);
void qwx_mhi_low_power_mode_state_transition(struct qwx_pci_softc *);
void qwx_mhi_set_state(struct qwx_softc *, uint32_t);
void qwx_mhi_init_mmio(struct qwx_pci_softc *);
int qwx_mhi_fw_load_bhi(struct qwx_pci_softc *, uint8_t *, size_t);
@ -2920,6 +2921,14 @@ qwx_mhi_mission_mode_state_transition(struct qwx_pci_softc *psc)
qwx_mhi_device_zzz(sc);
}
void
qwx_mhi_low_power_mode_state_transition(struct qwx_pci_softc *psc)
{
struct qwx_softc *sc = &psc->sc_sc;
qwx_mhi_set_state(sc, MHI_STATE_M2);
}
void
qwx_mhi_set_state(struct qwx_softc *sc, uint32_t state)
{
@ -3397,6 +3406,12 @@ qwx_mhi_state_change(void *arg)
psc->mhi_state = mhi_state;
qwx_mhi_mission_mode_state_transition(psc);
break;
case MHI_STATE_M1:
DNPRINTF(QWX_D_MHI, "%s: new MHI state M1\n",
sc->sc_dev.dv_xname);
psc->mhi_state = mhi_state;
qwx_mhi_low_power_mode_state_transition(psc);
break;
case MHI_STATE_SYS_ERR:
DNPRINTF(QWX_D_MHI,
"%s: new MHI state SYS ERR\n",


@ -1,4 +1,4 @@
/* $OpenBSD: vmm.h,v 1.3 2023/05/13 23:15:28 dv Exp $ */
/* $OpenBSD: vmm.h,v 1.4 2024/01/11 17:13:48 jan Exp $ */
/*
* Copyright (c) 2014-2023 Mike Larkin <mlarkin@openbsd.org>
*
@ -203,5 +203,9 @@ int vm_resetcpu(struct vm_resetcpu_params *);
int vcpu_must_stop(struct vcpu *);
int vm_share_mem(struct vm_sharemem_params *, struct proc *);
#ifdef VMM_DEBUG
void dump_vcpu(struct vcpu *);
#endif
#endif /* _KERNEL */
#endif /* DEV_VMM_H */


@ -1,4 +1,4 @@
/* $OpenBSD: uipc_domain.c,v 1.64 2023/05/18 10:23:19 mvs Exp $ */
/* $OpenBSD: uipc_domain.c,v 1.65 2024/01/11 14:15:11 bluhm Exp $ */
/* $NetBSD: uipc_domain.c,v 1.14 1996/02/09 19:00:44 christos Exp $ */
/*
@ -62,7 +62,6 @@ const struct domain *const domains[] = {
void pffasttimo(void *);
void pfslowtimo(void *);
const struct domain * pffinddomain(int);
void
domaininit(void)


@ -1,4 +1,4 @@
/* $OpenBSD: uipc_socket.c,v 1.312 2023/12/19 21:34:22 bluhm Exp $ */
/* $OpenBSD: uipc_socket.c,v 1.313 2024/01/11 14:15:11 bluhm Exp $ */
/* $NetBSD: uipc_socket.c,v 1.21 1996/02/04 02:17:52 christos Exp $ */
/*
@ -148,7 +148,7 @@ soinit(void)
}
struct socket *
soalloc(int wait)
soalloc(const struct domain *dp, int wait)
{
struct socket *so;
@ -156,7 +156,7 @@ soalloc(int wait)
PR_ZERO);
if (so == NULL)
return (NULL);
rw_init_flags(&so->so_lock, "solock", RWL_DUPOK);
rw_init_flags(&so->so_lock, dp->dom_name, RWL_DUPOK);
refcnt_init(&so->so_refcnt);
klist_init(&so->so_rcv.sb_klist, &socket_klistops, so);
klist_init(&so->so_snd.sb_klist, &socket_klistops, so);
@ -190,7 +190,7 @@ socreate(int dom, struct socket **aso, int type, int proto)
return (EPROTONOSUPPORT);
if (prp->pr_type != type)
return (EPROTOTYPE);
so = soalloc(M_WAIT);
so = soalloc(pffinddomain(dom), M_WAIT);
so->so_type = type;
if (suser(p) == 0)
so->so_state = SS_PRIV;
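Review bot: soalloc() now dereferences `dp->dom_name` unconditionally, and socreate() feeds it the result of a second lookup, `pffinddomain(dom)`, whose return value is not checked anywhere in this hunk; a NULL there would be a kernel NULL dereference. The protosw found earlier is already in scope at the call (`prp->pr_type` is read just above), and sonewconn() in uipc_socket2.c passes `head->so_proto->pr_domain`, so `so = soalloc(prp->pr_domain, M_WAIT);` would drop the extra lookup and make the non-NULL guarantee follow from the existing `prp` check. If the separate lookup is kept, a `KASSERT(dp != NULL);` at the top of soalloc() would document the contract. socreate() begins and continues outside the hunk.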


@ -1,4 +1,4 @@
/* $OpenBSD: uipc_socket2.c,v 1.139 2023/12/18 13:11:20 bluhm Exp $ */
/* $OpenBSD: uipc_socket2.c,v 1.140 2024/01/11 14:15:11 bluhm Exp $ */
/* $NetBSD: uipc_socket2.c,v 1.11 1996/02/04 02:17:55 christos Exp $ */
/*
@ -188,7 +188,7 @@ sonewconn(struct socket *head, int connstatus, int wait)
return (NULL);
if (head->so_qlen + head->so_q0len > head->so_qlimit * 3)
return (NULL);
so = soalloc(wait);
so = soalloc(head->so_proto->pr_domain, wait);
if (so == NULL)
return (NULL);
so->so_type = head->so_type;


@ -1,4 +1,4 @@
/* $OpenBSD: pfkeyv2.c,v 1.259 2023/10/11 22:13:16 tobhe Exp $ */
/* $OpenBSD: pfkeyv2.c,v 1.260 2024/01/11 14:15:11 bluhm Exp $ */
/*
* @(#)COPYRIGHT 1.1 (NRL) 17 January 1995
@ -225,7 +225,7 @@ const struct protosw pfkeysw[] = {
const struct domain pfkeydomain = {
.dom_family = PF_KEY,
.dom_name = "PF_KEY",
.dom_name = "pfkey",
.dom_init = pfkey_init,
.dom_protosw = pfkeysw,
.dom_protoswNPROTOSW = &pfkeysw[nitems(pfkeysw)],


@ -1,4 +1,4 @@
/* $OpenBSD: in_proto.c,v 1.102 2023/07/06 04:55:05 dlg Exp $ */
/* $OpenBSD: in_proto.c,v 1.103 2024/01/11 14:15:12 bluhm Exp $ */
/* $NetBSD: in_proto.c,v 1.14 1996/02/18 18:58:32 christos Exp $ */
/*
@ -387,7 +387,7 @@ const struct protosw inetsw[] = {
const struct domain inetdomain = {
.dom_family = AF_INET,
.dom_name = "internet",
.dom_name = "inet",
.dom_init = in_init,
.dom_protosw = inetsw,
.dom_protoswNPROTOSW = &inetsw[nitems(inetsw)],


@ -1,4 +1,4 @@
/* $OpenBSD: tcp_debug.c,v 1.30 2022/02/22 01:15:02 guenther Exp $ */
/* $OpenBSD: tcp_debug.c,v 1.31 2024/01/11 13:49:49 bluhm Exp $ */
/* $NetBSD: tcp_debug.c,v 1.10 1996/02/13 23:43:36 christos Exp $ */
/*
@ -42,10 +42,10 @@
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgements:
* This product includes software developed by the University of
* California, Berkeley and its contributors.
* This product includes software developed at the Information
* Technology Division, US Naval Research Laboratory.
* This product includes software developed by the University of
* California, Berkeley and its contributors.
* This product includes software developed at the Information
* Technology Division, US Naval Research Laboratory.
* 4. Neither the name of the NRL nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.

View File

@ -1,4 +1,4 @@
/* $OpenBSD: tcp_input.c,v 1.397 2023/12/01 15:30:47 bluhm Exp $ */
/* $OpenBSD: tcp_input.c,v 1.398 2024/01/11 13:49:49 bluhm Exp $ */
/* $NetBSD: tcp_input.c,v 1.23 1996/02/13 23:43:44 christos Exp $ */
/*
@ -3932,7 +3932,7 @@ syn_cache_add(struct sockaddr *src, struct sockaddr *dst, struct tcphdr *th,
if (syn_cache_respond(sc, m, now) == 0) {
mtx_enter(&syn_cache_mtx);
/*
* XXXSMP Currently exclusive netlock prevents another insert
* XXXSMP Currently exclusive netlock prevents another insert
* after our syn_cache_lookup() and before syn_cache_insert().
* Double insert should be handled and not rely on netlock.
*/


@ -1,4 +1,4 @@
/* $OpenBSD: tcp_subr.c,v 1.194 2023/11/29 18:30:48 bluhm Exp $ */
/* $OpenBSD: tcp_subr.c,v 1.195 2024/01/11 13:49:49 bluhm Exp $ */
/* $NetBSD: tcp_subr.c,v 1.22 1996/02/13 23:44:00 christos Exp $ */
/*
@ -42,10 +42,10 @@
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgements:
* This product includes software developed by the University of
* California, Berkeley and its contributors.
* This product includes software developed at the Information
* Technology Division, US Naval Research Laboratory.
* This product includes software developed by the University of
* California, Berkeley and its contributors.
* This product includes software developed at the Information
* Technology Division, US Naval Research Laboratory.
* 4. Neither the name of the NRL nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
@ -396,7 +396,7 @@ tcp_respond(struct tcpcb *tp, caddr_t template, struct tcphdr *th0,
case AF_INET6:
ip6->ip6_flow = htonl(0x60000000);
ip6->ip6_nxt = IPPROTO_TCP;
ip6->ip6_hlim = in6_selecthlim(tp ? tp->t_inpcb : NULL); /*XXX*/
ip6->ip6_hlim = in6_selecthlim(tp ? tp->t_inpcb : NULL); /*XXX*/
ip6->ip6_plen = tlen - sizeof(struct ip6_hdr);
ip6->ip6_plen = htons(ip6->ip6_plen);
ip6_output(m, tp ? tp->t_inpcb->inp_outputopts6 : NULL,


@ -1,4 +1,4 @@
/* $OpenBSD: tcp_timer.c,v 1.73 2023/07/06 09:15:24 bluhm Exp $ */
/* $OpenBSD: tcp_timer.c,v 1.74 2024/01/11 13:49:49 bluhm Exp $ */
/* $NetBSD: tcp_timer.c,v 1.14 1996/02/13 23:44:09 christos Exp $ */
/*
@ -367,7 +367,9 @@ tcp_timer_rexmt(void *arg)
* to go below this.)
*/
{
u_long win = ulmin(tp->snd_wnd, tp->snd_cwnd) / 2 / tp->t_maxseg;
u_long win;
win = ulmin(tp->snd_wnd, tp->snd_cwnd) / 2 / tp->t_maxseg;
if (win < 2)
win = 2;
tp->snd_cwnd = tp->t_maxseg;


@ -1,4 +1,4 @@
/* $OpenBSD: tcp_usrreq.c,v 1.227 2023/12/03 20:24:17 bluhm Exp $ */
/* $OpenBSD: tcp_usrreq.c,v 1.228 2024/01/11 13:49:49 bluhm Exp $ */
/* $NetBSD: tcp_usrreq.c,v 1.20 1996/02/13 23:44:16 christos Exp $ */
/*
@ -175,7 +175,7 @@ int tcp_fill_info(struct tcpcb *, struct socket *, struct mbuf *);
int tcp_ident(void *, size_t *, void *, size_t, int);
static inline int tcp_sogetpcb(struct socket *, struct inpcb **,
struct tcpcb **);
struct tcpcb **);
static inline int
tcp_sogetpcb(struct socket *so, struct inpcb **rinp, struct tcpcb **rtp)


@ -1,4 +1,4 @@
/* $OpenBSD: tcp_var.h,v 1.173 2023/11/29 19:19:25 bluhm Exp $ */
/* $OpenBSD: tcp_var.h,v 1.174 2024/01/11 13:49:49 bluhm Exp $ */
/* $NetBSD: tcp_var.h,v 1.17 1996/02/13 23:44:24 christos Exp $ */
/*
@ -43,7 +43,7 @@
struct sackblk {
tcp_seq start; /* start seq no. of sack block */
tcp_seq end; /* end seq no. */
tcp_seq end; /* end seq no. */
};
struct sackhole {
@ -334,7 +334,8 @@ struct syn_cache_set {
* is the same as the multiplier for rttvar.
*/
#define TCP_REXMTVAL(tp) \
((((tp)->t_srtt >> TCP_RTT_SHIFT) + (tp)->t_rttvar) >> TCP_RTT_BASE_SHIFT)
((((tp)->t_srtt >> TCP_RTT_SHIFT) + (tp)->t_rttvar) \
>> TCP_RTT_BASE_SHIFT)
/*
* TCP statistics.
@ -406,8 +407,8 @@ struct tcpstat {
u_int32_t tcps_rcvbadsig; /* rcvd bad/missing TCP signatures */
u_int64_t tcps_rcvgoodsig; /* rcvd good TCP signatures */
u_int32_t tcps_inswcsum; /* input software-checksummed packets */
u_int32_t tcps_outswcsum; /* output software-checksummed packets */
u_int32_t tcps_inswcsum; /* input software-checksummed pkts */
u_int32_t tcps_outswcsum; /* output software-checksummed pkts */
/* ECN stats */
u_int32_t tcps_ecn_accepts; /* ecn connections accepted */
@ -465,8 +466,8 @@ struct tcpstat {
* Names for TCP sysctl objects.
*/
#define TCPCTL_RFC1323 1 /* enable/disable RFC1323 timestamps/scaling */
#define TCPCTL_KEEPINITTIME 2 /* TCPT_KEEP value */
#define TCPCTL_RFC1323 1 /* enable RFC1323 timestamps/scaling */
#define TCPCTL_KEEPINITTIME 2 /* TCPT_KEEP value */
#define TCPCTL_KEEPIDLE 3 /* allow tcp_keepidle to be changed */
#define TCPCTL_KEEPINTVL 4 /* allow tcp_keepintvl to be changed */
#define TCPCTL_SLOWHZ 5 /* return kernel idea of PR_SLOWHZ */
@ -503,23 +504,23 @@ struct tcpstat {
{ "baddynamic", CTLTYPE_STRUCT }, \
{ NULL, 0 }, \
{ NULL, 0 }, \
{ "ident", CTLTYPE_STRUCT }, \
{ "ident", CTLTYPE_STRUCT }, \
{ "sack", CTLTYPE_INT }, \
{ "mssdflt", CTLTYPE_INT }, \
{ "rstppslimit", CTLTYPE_INT }, \
{ "ackonpush", CTLTYPE_INT }, \
{ "ecn", CTLTYPE_INT }, \
{ "syncachelimit", CTLTYPE_INT }, \
{ "synbucketlimit", CTLTYPE_INT }, \
{ "rfc3390", CTLTYPE_INT }, \
{ "reasslimit", CTLTYPE_INT }, \
{ "drop", CTLTYPE_STRUCT }, \
{ "sackholelimit", CTLTYPE_INT }, \
{ "ecn", CTLTYPE_INT }, \
{ "syncachelimit", CTLTYPE_INT }, \
{ "synbucketlimit", CTLTYPE_INT }, \
{ "rfc3390", CTLTYPE_INT }, \
{ "reasslimit", CTLTYPE_INT }, \
{ "drop", CTLTYPE_STRUCT }, \
{ "sackholelimit", CTLTYPE_INT }, \
{ "stats", CTLTYPE_STRUCT }, \
{ "always_keepalive", CTLTYPE_INT }, \
{ "synuselimit", CTLTYPE_INT }, \
{ "synuselimit", CTLTYPE_INT }, \
{ "rootonly", CTLTYPE_STRUCT }, \
{ "synhashsize", CTLTYPE_INT }, \
{ "synhashsize", CTLTYPE_INT }, \
{ "tso", CTLTYPE_INT }, \
}


@ -1,4 +1,4 @@
/* $OpenBSD: in6_proto.c,v 1.112 2022/11/23 14:48:28 kn Exp $ */
/* $OpenBSD: in6_proto.c,v 1.113 2024/01/11 14:15:12 bluhm Exp $ */
/* $KAME: in6_proto.c,v 1.66 2000/10/10 15:35:47 itojun Exp $ */
/*
@ -332,7 +332,7 @@ const struct protosw inet6sw[] = {
const struct domain inet6domain = {
.dom_family = AF_INET6,
.dom_name = "internet6",
.dom_name = "inet6",
.dom_protosw = inet6sw,
.dom_protoswNPROTOSW = &inet6sw[nitems(inet6sw)],
.dom_sasize = sizeof(struct sockaddr_in6),


@ -1,4 +1,4 @@
/* $OpenBSD: domain.h,v 1.23 2022/11/23 14:50:59 kn Exp $ */
/* $OpenBSD: domain.h,v 1.24 2024/01/11 14:15:12 bluhm Exp $ */
/* $NetBSD: domain.h,v 1.10 1996/02/09 18:25:07 christos Exp $ */
/*
@ -49,7 +49,7 @@ struct ifnet;
struct domain {
int dom_family; /* AF_xxx */
char *dom_name;
const char *dom_name;
void (*dom_init)(void); /* initialize domain data structures */
/* externalize access rights */
int (*dom_externalize)(struct mbuf *, socklen_t, int);


@ -1,4 +1,4 @@
/* $OpenBSD: protosw.h,v 1.63 2023/12/18 13:11:20 bluhm Exp $ */
/* $OpenBSD: protosw.h,v 1.64 2024/01/11 14:15:12 bluhm Exp $ */
/* $NetBSD: protosw.h,v 1.10 1996/04/09 20:55:32 cgd Exp $ */
/*-
@ -259,6 +259,7 @@ struct ifnet;
struct sockaddr;
const struct protosw *pffindproto(int, int, int);
const struct protosw *pffindtype(int, int);
const struct domain *pffinddomain(int);
void pfctlinput(int, struct sockaddr *);
extern u_char ip_protox[];


@ -1,4 +1,4 @@
/* $OpenBSD: socketvar.h,v 1.120 2023/07/04 22:28:24 mvs Exp $ */
/* $OpenBSD: socketvar.h,v 1.121 2024/01/11 14:15:12 bluhm Exp $ */
/* $NetBSD: socketvar.h,v 1.18 1996/02/09 18:25:38 christos Exp $ */
/*-
@ -346,7 +346,7 @@ int soconnect(struct socket *, struct mbuf *);
int soconnect2(struct socket *, struct socket *);
int socreate(int, struct socket **, int, int);
int sodisconnect(struct socket *);
struct socket *soalloc(int);
struct socket *soalloc(const struct domain *, int);
void sofree(struct socket *, int);
int sogetopt(struct socket *, int, int, struct mbuf *);
void sohasoutofband(struct socket *);


@ -1,4 +1,4 @@
# $OpenBSD: Makefile.inc,v 1.88 2023/01/15 23:05:32 djm Exp $
# $OpenBSD: Makefile.inc,v 1.89 2024/01/11 01:45:36 djm Exp $
.include <bsd.own.mk>
@ -34,6 +34,7 @@ WARNINGS=yes
OPENSSL?= yes
ZLIB?= yes
DSAKEY?= yes
.if (${OPENSSL:L} == "yes")
CFLAGS+= -DWITH_OPENSSL
@ -43,6 +44,10 @@ CFLAGS+= -DWITH_OPENSSL
CFLAGS+= -DWITH_ZLIB
.endif
.if (${DSAKEY:L} == "yes")
CFLAGS+= -DWITH_DSA
.endif
CFLAGS+= -DENABLE_PKCS11
.ifndef NOPIC
CFLAGS+= -DHAVE_DLOPEN
@ -78,10 +83,12 @@ SRCS_KEY+= cipher.c
SRCS_KEY+= chacha.c
SRCS_KEY+= poly1305.c
.if (${OPENSSL:L} == "yes")
SRCS_KEY+= ssh-dss.c
SRCS_KEY+= ssh-ecdsa.c
SRCS_KEY+= ssh-ecdsa-sk.c
SRCS_KEY+= ssh-rsa.c
.if (${DSAKEY:L} == "yes")
SRCS_KEY+= ssh-dss.c
.endif
SRCS_KEY+= sshbuf-getput-crypto.c
SRCS_KEY+= digest-openssl.c
SRCS_KEY+= cipher-chachapoly-libcrypto.c
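Review bot: `-DWITH_DSA` is added whenever `DSAKEY` is "yes", independently of `OPENSSL`, while `ssh-dss.c` is only compiled when both are "yes". With `OPENSSL=no` and `DSAKEY` left at its default, `WITH_DSA` is therefore defined without the DSA implementation being built, and any `#ifdef WITH_DSA` code that is not also inside `WITH_OPENSSL` stays active. I would tie the two together, e.g. `.if (${OPENSSL:L} == "yes") && (${DSAKEY:L} == "yes")` around the `CFLAGS+= -DWITH_DSA` line. A one-line comment next to `DSAKEY?= yes` would also help, saying that the default keeps DSA compiled in and that `DSAKEY=no` removes it.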


@ -1,4 +1,4 @@
/* $OpenBSD: readconf.c,v 1.383 2023/10/12 02:18:18 djm Exp $ */
/* $OpenBSD: readconf.c,v 1.384 2024/01/11 01:45:36 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -2686,7 +2686,9 @@ fill_default_options(Options * options)
add_identity_file(options, "~/",
_PATH_SSH_CLIENT_ID_ED25519_SK, 0);
add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_XMSS, 0);
#ifdef WITH_DSA
add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_DSA, 0);
#endif
}
if (options->escape_char == -1)
options->escape_char = '~';


@ -1,4 +1,4 @@
/* $OpenBSD: readconf.h,v 1.154 2023/10/12 02:18:18 djm Exp $ */
/* $OpenBSD: readconf.h,v 1.155 2024/01/11 01:45:36 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@ -87,7 +87,7 @@ typedef struct {
char *sk_provider; /* Security key provider */
int verify_host_key_dns; /* Verify host key using DNS */
int num_identity_files; /* Number of files for RSA/DSA identities. */
int num_identity_files; /* Number of files for identities. */
char *identity_files[SSH_MAX_IDENTITY_FILES];
int identity_file_userprovided[SSH_MAX_IDENTITY_FILES];
struct sshkey *identity_keys[SSH_MAX_IDENTITY_FILES];


@ -1,4 +1,4 @@
/* $OpenBSD: ssh-add.c,v 1.171 2024/01/08 00:30:39 djm Exp $ */
/* $OpenBSD: ssh-add.c,v 1.172 2024/01/11 01:45:36 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -78,7 +78,9 @@ static char *default_files[] = {
_PATH_SSH_CLIENT_ID_ED25519,
_PATH_SSH_CLIENT_ID_ED25519_SK,
_PATH_SSH_CLIENT_ID_XMSS,
#ifdef WITH_DSA
_PATH_SSH_CLIENT_ID_DSA,
#endif
NULL
};


@ -1,4 +1,4 @@
/* $OpenBSD: ssh-dss.c,v 1.49 2023/03/05 05:34:09 dtucker Exp $ */
/* $OpenBSD: ssh-dss.c,v 1.50 2024/01/11 01:45:36 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@ -36,6 +36,8 @@
#define SSHKEY_INTERNAL
#include "sshkey.h"
#ifdef WITH_DSA
#define INTBLOB_LEN 20
#define SIGBLOB_LEN (2*INTBLOB_LEN)
@ -445,3 +447,5 @@ const struct sshkey_impl sshkey_dsa_cert_impl = {
/* .keybits = */ 0,
/* .funcs = */ &sshkey_dss_funcs,
};
#endif /* WITH_DSA */


@ -1,4 +1,4 @@
/* $OpenBSD: ssh-keygen.c,v 1.471 2023/09/04 10:29:58 job Exp $ */
/* $OpenBSD: ssh-keygen.c,v 1.472 2024/01/11 01:45:36 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -251,10 +251,12 @@ ask_filename(struct passwd *pw, const char *prompt)
name = _PATH_SSH_CLIENT_ID_ED25519;
else {
switch (sshkey_type_from_name(key_type_name)) {
#ifdef WITH_DSA
case KEY_DSA_CERT:
case KEY_DSA:
name = _PATH_SSH_CLIENT_ID_DSA;
break;
#endif
case KEY_ECDSA_CERT:
case KEY_ECDSA:
name = _PATH_SSH_CLIENT_ID_ECDSA;
@ -363,10 +365,12 @@ do_convert_to_pkcs8(struct sshkey *k)
if (!PEM_write_RSA_PUBKEY(stdout, k->rsa))
fatal("PEM_write_RSA_PUBKEY failed");
break;
#ifdef WITH_DSA
case KEY_DSA:
if (!PEM_write_DSA_PUBKEY(stdout, k->dsa))
fatal("PEM_write_DSA_PUBKEY failed");
break;
#endif
case KEY_ECDSA:
if (!PEM_write_EC_PUBKEY(stdout, k->ecdsa))
fatal("PEM_write_EC_PUBKEY failed");
@ -385,10 +389,12 @@ do_convert_to_pem(struct sshkey *k)
if (!PEM_write_RSAPublicKey(stdout, k->rsa))
fatal("PEM_write_RSAPublicKey failed");
break;
#ifdef WITH_DSA
case KEY_DSA:
if (!PEM_write_DSA_PUBKEY(stdout, k->dsa))
fatal("PEM_write_DSA_PUBKEY failed");
break;
#endif
case KEY_ECDSA:
if (!PEM_write_EC_PUBKEY(stdout, k->ecdsa))
fatal("PEM_write_EC_PUBKEY failed");
@ -461,8 +467,10 @@ do_convert_private_ssh2(struct sshbuf *b)
u_int magic, i1, i2, i3, i4;
size_t slen;
u_long e;
#ifdef WITH_DSA
BIGNUM *dsa_p = NULL, *dsa_q = NULL, *dsa_g = NULL;
BIGNUM *dsa_pub_key = NULL, *dsa_priv_key = NULL;
#endif
BIGNUM *rsa_n = NULL, *rsa_e = NULL, *rsa_d = NULL;
BIGNUM *rsa_p = NULL, *rsa_q = NULL, *rsa_iqmp = NULL;
@ -490,10 +498,12 @@ do_convert_private_ssh2(struct sshbuf *b)
}
free(cipher);
if (strstr(type, "dsa")) {
ktype = KEY_DSA;
} else if (strstr(type, "rsa")) {
if (strstr(type, "rsa")) {
ktype = KEY_RSA;
#ifdef WITH_DSA
} else if (strstr(type, "dsa")) {
ktype = KEY_DSA;
#endif
} else {
free(type);
return NULL;
@ -503,6 +513,7 @@ do_convert_private_ssh2(struct sshbuf *b)
free(type);
switch (key->type) {
#ifdef WITH_DSA
case KEY_DSA:
if ((dsa_p = BN_new()) == NULL ||
(dsa_q = BN_new()) == NULL ||
@ -522,6 +533,7 @@ do_convert_private_ssh2(struct sshbuf *b)
fatal_f("DSA_set0_key failed");
dsa_pub_key = dsa_priv_key = NULL; /* transferred */
break;
#endif
case KEY_RSA:
if ((r = sshbuf_get_u8(b, &e1)) != 0 ||
(e1 < 30 && (r = sshbuf_get_u8(b, &e2)) != 0) ||
@ -685,12 +697,14 @@ do_convert_from_pkcs8(struct sshkey **k, int *private)
(*k)->type = KEY_RSA;
(*k)->rsa = EVP_PKEY_get1_RSA(pubkey);
break;
#ifdef WITH_DSA
case EVP_PKEY_DSA:
if ((*k = sshkey_new(KEY_UNSPEC)) == NULL)
fatal("sshkey_new failed");
(*k)->type = KEY_DSA;
(*k)->dsa = EVP_PKEY_get1_DSA(pubkey);
break;
#endif
case EVP_PKEY_EC:
if ((*k = sshkey_new(KEY_UNSPEC)) == NULL)
fatal("sshkey_new failed");
@ -758,10 +772,12 @@ do_convert_from(struct passwd *pw)
fprintf(stdout, "\n");
} else {
switch (k->type) {
#ifdef WITH_DSA
case KEY_DSA:
ok = PEM_write_DSAPrivateKey(stdout, k->dsa, NULL,
NULL, 0, NULL, NULL);
break;
#endif
case KEY_ECDSA:
ok = PEM_write_ECPrivateKey(stdout, k->ecdsa, NULL,
NULL, 0, NULL, NULL);
@ -3726,9 +3742,11 @@ main(int argc, char **argv)
n += do_print_resource_record(pw,
_PATH_HOST_RSA_KEY_FILE, rr_hostname,
print_generic, opts, nopts);
#ifdef WITH_DSA
n += do_print_resource_record(pw,
_PATH_HOST_DSA_KEY_FILE, rr_hostname,
print_generic, opts, nopts);
#endif
n += do_print_resource_record(pw,
_PATH_HOST_ECDSA_KEY_FILE, rr_hostname,
print_generic, opts, nopts);
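Review bot: In do_convert_private_ssh2 the key-type test now checks `strstr(type, "rsa")` before `strstr(type, "dsa")`, the reverse of the previous order, and nothing documents the change. Both are substring matches on a string read from the file being converted, so for a string containing both substrings the order decides the result. A comment above the chain would make the intent explicit, e.g. `/* substring match; "rsa" is tested first so the DSA branch can be compiled out */`. Without WITH_DSA a DSA-typed input now reaches the `free(type); return NULL;` branch, and whether the caller reports that clearly cannot be seen from here, as the function body continues outside these hunks.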


@ -1,4 +1,4 @@
/* $OpenBSD: ssh-keyscan.c,v 1.154 2023/12/20 00:06:25 jsg Exp $ */
/* $OpenBSD: ssh-keyscan.c,v 1.155 2024/01/11 01:45:36 djm Exp $ */
/*
* Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>.
*
@ -763,9 +763,11 @@ main(int argc, char **argv)
int type = sshkey_type_from_name(tname);
switch (type) {
#ifdef WITH_DSA
case KEY_DSA:
get_keytypes |= KT_DSA;
break;
#endif
case KEY_ECDSA:
get_keytypes |= KT_ECDSA;
break;


@ -1,4 +1,4 @@
/* $OpenBSD: ssh-keysign.c,v 1.71 2022/08/01 11:09:26 djm Exp $ */
/* $OpenBSD: ssh-keysign.c,v 1.73 2024/01/11 01:51:16 djm Exp $ */
/*
* Copyright (c) 2002 Markus Friedl. All rights reserved.
*
@ -190,9 +190,14 @@ main(int argc, char **argv)
if (fd > 2)
close(fd);
for (i = 0; i < NUM_KEYTYPES; i++)
key_fd[i] = -1;
i = 0;
/* XXX This really needs to read sshd_config for the paths */
#ifdef WITH_DSA
key_fd[i++] = open(_PATH_HOST_DSA_KEY_FILE, O_RDONLY);
#endif
key_fd[i++] = open(_PATH_HOST_ECDSA_KEY_FILE, O_RDONLY);
key_fd[i++] = open(_PATH_HOST_ED25519_KEY_FILE, O_RDONLY);
key_fd[i++] = open(_PATH_HOST_XMSS_KEY_FILE, O_RDONLY);
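Review bot: The new loop that sets every `key_fd[i]` to -1 has no comment saying why it is needed. With the DSA `open()` compiled out, the `key_fd[i++] = open(...)` sequence fills fewer slots, so presumably any later pass over NUM_KEYTYPES entries would read slots that were never assigned. I would add `/* slots not opened below must read as "no key file" */` above the loop. The `i++` sequence also has no visible bound against NUM_KEYTYPES. main() continues outside this hunk, so the remaining open() calls and the definition of NUM_KEYTYPES cannot be checked here.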


@ -1,4 +1,4 @@
/* $OpenBSD: ssh.c,v 1.599 2023/12/18 14:47:44 djm Exp $ */
/* $OpenBSD: ssh.c,v 1.600 2024/01/11 01:45:36 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -1666,11 +1666,15 @@ main(int ac, char **av)
L_CERT(_PATH_HOST_ECDSA_KEY_FILE, 0);
L_CERT(_PATH_HOST_ED25519_KEY_FILE, 1);
L_CERT(_PATH_HOST_RSA_KEY_FILE, 2);
#ifdef WITH_DSA
L_CERT(_PATH_HOST_DSA_KEY_FILE, 3);
#endif
L_PUBKEY(_PATH_HOST_ECDSA_KEY_FILE, 4);
L_PUBKEY(_PATH_HOST_ED25519_KEY_FILE, 5);
L_PUBKEY(_PATH_HOST_RSA_KEY_FILE, 6);
#ifdef WITH_DSA
L_PUBKEY(_PATH_HOST_DSA_KEY_FILE, 7);
#endif
L_CERT(_PATH_HOST_XMSS_KEY_FILE, 8);
L_PUBKEY(_PATH_HOST_XMSS_KEY_FILE, 9);
if (loaded == 0)
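Review bot: The `L_CERT`/`L_PUBKEY` calls keep their hard-coded second argument, apparently a slot index, so with WITH_DSA undefined slots 3 and 7 are never assigned. That is safe only if the key array is zero-initialised and every consumer skips empty entries, neither of which is visible in this hunk. A comment before the first guarded call would record the assumption, e.g. `/* slots 3 and 7 stay unset without WITH_DSA; consumers must skip NULL entries */`. main() starts and ends outside the hunk.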


@ -1,4 +1,4 @@
/* $OpenBSD: sshconnect.c,v 1.365 2023/11/20 02:50:00 djm Exp $ */
/* $OpenBSD: sshconnect.c,v 1.366 2024/01/11 01:45:36 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -1557,7 +1557,9 @@ show_other_keys(struct hostkeys *hostkeys, struct sshkey *key)
{
int type[] = {
KEY_RSA,
#ifdef WITH_DSA
KEY_DSA,
#endif
KEY_ECDSA,
KEY_ED25519,
KEY_XMSS,


@ -1,4 +1,4 @@
/* $OpenBSD: sshkey.c,v 1.141 2023/12/20 00:06:25 jsg Exp $ */
/* $OpenBSD: sshkey.c,v 1.142 2024/01/11 01:45:36 djm Exp $ */
/*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
* Copyright (c) 2008 Alexander von Gernler. All rights reserved.
@ -108,8 +108,10 @@ extern const struct sshkey_impl sshkey_rsa_sha256_impl;
extern const struct sshkey_impl sshkey_rsa_sha256_cert_impl;
extern const struct sshkey_impl sshkey_rsa_sha512_impl;
extern const struct sshkey_impl sshkey_rsa_sha512_cert_impl;
# ifdef WITH_DSA
extern const struct sshkey_impl sshkey_dss_impl;
extern const struct sshkey_impl sshkey_dsa_cert_impl;
# endif
#endif /* WITH_OPENSSL */
#ifdef WITH_XMSS
extern const struct sshkey_impl sshkey_xmss_impl;
@ -131,8 +133,10 @@ const struct sshkey_impl * const keyimpls[] = {
&sshkey_ecdsa_sk_impl,
&sshkey_ecdsa_sk_cert_impl,
&sshkey_ecdsa_sk_webauthn_impl,
# ifdef WITH_DSA
&sshkey_dss_impl,
&sshkey_dsa_cert_impl,
# endif
&sshkey_rsa_impl,
&sshkey_rsa_cert_impl,
&sshkey_rsa_sha256_impl,
@ -3197,6 +3201,7 @@ sshkey_private_to_blob_pem_pkcs8(struct sshkey *key, struct sshbuf *buf,
goto out;
switch (key->type) {
#ifdef WITH_DSA
case KEY_DSA:
if (format == SSHKEY_PRIVATE_PEM) {
success = PEM_write_bio_DSAPrivateKey(bio, key->dsa,
@ -3205,6 +3210,7 @@ sshkey_private_to_blob_pem_pkcs8(struct sshkey *key, struct sshbuf *buf,
success = EVP_PKEY_set1_DSA(pkey, key->dsa);
}
break;
#endif
case KEY_ECDSA:
if (format == SSHKEY_PRIVATE_PEM) {
success = PEM_write_bio_ECPrivateKey(bio, key->ecdsa,
@ -3411,6 +3417,7 @@ sshkey_parse_private_pem_fileblob(struct sshbuf *blob, int type,
}
if ((r = sshkey_check_rsa_length(prv, 0)) != 0)
goto out;
#ifdef WITH_DSA
} else if (EVP_PKEY_base_id(pk) == EVP_PKEY_DSA &&
(type == KEY_UNSPEC || type == KEY_DSA)) {
if ((prv = sshkey_new(KEY_UNSPEC)) == NULL) {
@ -3421,6 +3428,7 @@ sshkey_parse_private_pem_fileblob(struct sshbuf *blob, int type,
prv->type = KEY_DSA;
#ifdef DEBUG_PK
DSA_print_fp(stderr, prv->dsa, 8);
#endif
#endif
} else if (EVP_PKEY_base_id(pk) == EVP_PKEY_EC &&
(type == KEY_UNSPEC || type == KEY_ECDSA)) {
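Review bot: In sshkey_parse_private_pem_fileblob the new WITH_DSA guard closes directly after the nested `#ifdef DEBUG_PK` block, leaving two bare `#endif` lines in a row in the middle of an `else if` chain. It is easy to misread which conditional each one ends, so I would label the outer one `#endif /* WITH_DSA */`, as the file already does for `#endif /* WITH_OPENSSL */`. The same label would help on the `#endif` added in sshkey_private_to_blob_pem_pkcs8. Both functions continue outside their hunks, so the branch a DSA PEM blob takes when WITH_DSA is undefined is not visible here.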


@ -1,4 +1,4 @@
/* $OpenBSD: output.c,v 1.44 2024/01/10 14:59:41 claudio Exp $ */
/* $OpenBSD: output.c,v 1.46 2024/01/11 14:34:49 claudio Exp $ */
/*
* Copyright (c) 2003 Henning Brauer <henning@openbsd.org>
@ -388,10 +388,6 @@ show_neighbor_full(struct peer *p, struct parse_result *res)
show_neighbor_msgstats(p);
printf("\n");
if (p->stats.last_reason[0]) {
printf(" Last received shutdown reason: \"%s\"\n",
log_reason(p->stats.last_reason));
}
errstr = fmt_errstr(p->stats.last_sent_errcode,
p->stats.last_sent_suberr);
@ -401,6 +397,10 @@ show_neighbor_full(struct peer *p, struct parse_result *res)
p->stats.last_rcvd_suberr);
if (errstr)
printf(" Last error received: %s\n", errstr);
if (p->stats.last_reason[0]) {
printf(" Last received shutdown reason: \"%s\"\n",
log_reason(p->stats.last_reason));
}
if (p->state >= STATE_OPENSENT) {
printf(" Local host: %20s, Local port: %5u\n",
@ -1171,12 +1171,13 @@ show_rtr(struct ctl_show_rtr *rtr)
printf("RTR neighbor is %s, port %u\n",
log_addr(&rtr->remote_addr), rtr->remote_port);
printf(" State: %s\n", rtr->state);
if (rtr->descr[0])
printf(" Description: %s\n", rtr->descr);
if (rtr->local_addr.aid != AID_UNSPEC)
printf(" Local Address: %s\n", log_addr(&rtr->local_addr));
if (rtr->session_id != -1)
printf("Version: %u Session ID: %d Serial #: %u\n",
printf(" Version: %u Session ID: %d Serial #: %u\n",
rtr->version, rtr->session_id, rtr->serial);
printf(" Refresh: %u, Retry: %u, Expire: %u\n",
rtr->refresh, rtr->retry, rtr->expire);


@ -1,4 +1,4 @@
/* $OpenBSD: output_json.c,v 1.37 2023/12/19 10:32:20 claudio Exp $ */
/* $OpenBSD: output_json.c,v 1.38 2024/01/11 13:09:41 claudio Exp $ */
/*
* Copyright (c) 2020 Claudio Jeker <claudio@openbsd.org>
@ -1007,6 +1007,7 @@ json_rtr(struct ctl_show_rtr *rtr)
json_do_uint("remote_port", rtr->remote_port);
if (rtr->local_addr.aid != AID_UNSPEC)
json_do_string("local_addr", log_addr(&rtr->local_addr));
json_do_string("state", rtr->state);
if (rtr->session_id != -1) {
json_do_uint("version", rtr->version);


@ -1,4 +1,4 @@
/* $OpenBSD: bgpd.h,v 1.480 2024/01/10 13:31:09 claudio Exp $ */
/* $OpenBSD: bgpd.h,v 1.481 2024/01/11 13:08:39 claudio Exp $ */
/*
* Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org>
@ -562,6 +562,7 @@ struct rtr_config {
struct ctl_show_rtr {
char descr[PEER_DESCR_LEN];
char state[PEER_DESCR_LEN];
struct bgpd_addr remote_addr;
struct bgpd_addr local_addr;
uint32_t serial;


@ -1,4 +1,4 @@
/* $OpenBSD: control.c,v 1.115 2024/01/10 11:08:04 claudio Exp $ */
/* $OpenBSD: control.c,v 1.116 2024/01/11 15:46:25 claudio Exp $ */
/*
* Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org>
@ -145,9 +145,9 @@ control_fill_pfds(struct pollfd *pfd, size_t size)
size_t i = 0;
TAILQ_FOREACH(ctl_conn, &ctl_conns, entry) {
pfd[i].fd = ctl_conn->ibuf.fd;
pfd[i].fd = ctl_conn->imsgbuf.fd;
pfd[i].events = POLLIN;
if (ctl_conn->ibuf.w.queued > 0)
if (ctl_conn->imsgbuf.w.queued > 0)
pfd[i].events |= POLLOUT;
i++;
}
@ -181,7 +181,7 @@ control_accept(int listenfd, int restricted)
return (0);
}
imsg_init(&ctl_conn->ibuf, connfd);
imsg_init(&ctl_conn->imsgbuf, connfd);
ctl_conn->restricted = restricted;
TAILQ_INSERT_TAIL(&ctl_conns, ctl_conn, entry);
@ -195,7 +195,7 @@ control_connbyfd(int fd)
struct ctl_conn *c;
TAILQ_FOREACH(c, &ctl_conns, entry) {
if (c->ibuf.fd == fd)
if (c->imsgbuf.fd == fd)
break;
}
@ -208,7 +208,7 @@ control_connbypid(pid_t pid)
struct ctl_conn *c;
TAILQ_FOREACH(c, &ctl_conns, entry) {
if (c->ibuf.pid == pid)
if (c->imsgbuf.pid == pid)
break;
}
@ -218,13 +218,13 @@ control_connbypid(pid_t pid)
int
control_close(struct ctl_conn *c)
{
if (c->terminate && c->ibuf.pid)
imsg_ctl_rde_msg(IMSG_CTL_TERMINATE, 0, c->ibuf.pid);
if (c->terminate && c->imsgbuf.pid)
imsg_ctl_rde_msg(IMSG_CTL_TERMINATE, 0, c->imsgbuf.pid);
msgbuf_clear(&c->ibuf.w);
msgbuf_clear(&c->imsgbuf.w);
TAILQ_REMOVE(&ctl_conns, c, entry);
close(c->ibuf.fd);
close(c->imsgbuf.fd);
free(c);
pauseaccept = 0;
return (1);
@ -249,10 +249,10 @@ control_dispatch_msg(struct pollfd *pfd, struct peer_head *peers)
}
if (pfd->revents & POLLOUT) {
if (msgbuf_write(&c->ibuf.w) <= 0 && errno != EAGAIN)
if (msgbuf_write(&c->imsgbuf.w) <= 0 && errno != EAGAIN)
return control_close(c);
if (c->throttled && c->ibuf.w.queued < CTL_MSG_LOW_MARK) {
if (imsg_ctl_rde_msg(IMSG_XON, 0, c->ibuf.pid) != -1)
if (c->throttled && c->imsgbuf.w.queued < CTL_MSG_LOW_MARK) {
if (imsg_ctl_rde_msg(IMSG_XON, 0, c->imsgbuf.pid) != -1)
c->throttled = 0;
}
}
@ -260,12 +260,12 @@ control_dispatch_msg(struct pollfd *pfd, struct peer_head *peers)
if (!(pfd->revents & POLLIN))
return (0);
if (((n = imsg_read_nofd(&c->ibuf)) == -1 && errno != EAGAIN) ||
if (((n = imsg_read_nofd(&c->imsgbuf)) == -1 && errno != EAGAIN) ||
n == 0)
return control_close(c);
for (;;) {
if ((n = imsg_get(&c->ibuf, &imsg)) == -1)
if ((n = imsg_get(&c->imsgbuf, &imsg)) == -1)
return control_close(c);
if (n == 0)
@ -301,7 +301,7 @@ control_dispatch_msg(struct pollfd *pfd, struct peer_head *peers)
* The imsg.hdr.pid is from the remote end and should not
* be trusted.
*/
c->ibuf.pid = pid;
c->imsgbuf.pid = pid;
switch (type) {
case IMSG_NONE:
/* message was filtered out, nothing to do */
@ -312,9 +312,11 @@ control_dispatch_msg(struct pollfd *pfd, struct peer_head *peers)
break;
case IMSG_CTL_SHOW_TERSE:
RB_FOREACH(p, peer_head, peers)
imsg_compose(&c->ibuf, IMSG_CTL_SHOW_NEIGHBOR,
0, 0, -1, p, sizeof(struct peer));
imsg_compose(&c->ibuf, IMSG_CTL_END, 0, 0, -1, NULL, 0);
imsg_compose(&c->imsgbuf,
IMSG_CTL_SHOW_NEIGHBOR, 0, 0, -1,
p, sizeof(struct peer));
imsg_compose(&c->imsgbuf, IMSG_CTL_END, 0, 0, -1,
NULL, 0);
break;
case IMSG_CTL_SHOW_NEIGHBOR:
if (imsg_get_data(&imsg, &neighbor,
@ -335,7 +337,7 @@ control_dispatch_msg(struct pollfd *pfd, struct peer_head *peers)
time_t d;
struct ctl_timer ct;
imsg_compose(&c->ibuf,
imsg_compose(&c->imsgbuf,
IMSG_CTL_SHOW_NEIGHBOR,
0, 0, -1, p, sizeof(*p));
for (i = 1; i < Timer_Max; i++) {
@ -344,7 +346,7 @@ control_dispatch_msg(struct pollfd *pfd, struct peer_head *peers)
continue;
ct.type = i;
ct.val = d;
imsg_compose(&c->ibuf,
imsg_compose(&c->imsgbuf,
IMSG_CTL_SHOW_TIMER,
0, 0, -1, &ct, sizeof(ct));
}
@ -355,8 +357,8 @@ control_dispatch_msg(struct pollfd *pfd, struct peer_head *peers)
} else if (!neighbor.show_timers) {
imsg_ctl_rde_msg(IMSG_CTL_END, 0, pid);
} else {
imsg_compose(&c->ibuf, IMSG_CTL_END, 0, 0, -1,
NULL, 0);
imsg_compose(&c->imsgbuf, IMSG_CTL_END, 0, 0,
-1, NULL, 0);
}
break;
case IMSG_CTL_NEIGHBOR_UP:
@ -566,25 +568,26 @@ control_imsg_relay(struct imsg *imsg, struct peer *p)
p->stats.pending_update = stats.pending_update;
p->stats.pending_withdraw = stats.pending_withdraw;
return imsg_compose(&c->ibuf, type, 0, pid, -1, p, sizeof(*p));
return imsg_compose(&c->imsgbuf, type, 0, pid, -1,
p, sizeof(*p));
}
/* if command finished no need to send exit message */
if (type == IMSG_CTL_END || type == IMSG_CTL_RESULT)
c->terminate = 0;
if (!c->throttled && c->ibuf.w.queued > CTL_MSG_HIGH_MARK) {
if (!c->throttled && c->imsgbuf.w.queued > CTL_MSG_HIGH_MARK) {
if (imsg_ctl_rde_msg(IMSG_XOFF, 0, pid) != -1)
c->throttled = 1;
}
return (imsg_forward(&c->ibuf, imsg));
return (imsg_forward(&c->imsgbuf, imsg));
}
void
control_result(struct ctl_conn *c, u_int code)
{
imsg_compose(&c->ibuf, IMSG_CTL_RESULT, 0, c->ibuf.pid, -1,
imsg_compose(&c->imsgbuf, IMSG_CTL_RESULT, 0, c->imsgbuf.pid, -1,
&code, sizeof(code));
}


@ -1,4 +1,4 @@
/* $OpenBSD: rtr_proto.c,v 1.28 2024/01/10 16:08:36 claudio Exp $ */
/* $OpenBSD: rtr_proto.c,v 1.31 2024/01/11 15:38:05 claudio Exp $ */
/*
* Copyright (c) 2020 Claudio Jeker <claudio@openbsd.org>
@ -207,6 +207,7 @@ struct rtr_session {
char last_sent_msg[REASON_LEN];
char last_recv_msg[REASON_LEN];
uint8_t version;
uint8_t prev_version;
};
TAILQ_HEAD(, rtr_session) rtrs = TAILQ_HEAD_INITIALIZER(rtrs);
@ -434,11 +435,16 @@ rtr_parse_header(struct rtr_session *rs, struct ibuf *hdr,
switch (rh.type) {
case CACHE_RESPONSE:
case CACHE_RESET:
case ERROR_REPORT:
if (rh.version < rs->version)
/* implicit downgrade */
if (rh.version < rs->version) {
rs->prev_version = rs->version;
rs->version = rh.version;
}
rtr_fsm(rs, RTR_EVNT_NEGOTIATION_DONE);
break;
case ERROR_REPORT:
/* version handled in rtr_parse_error() */
break;
case SERIAL_NOTIFY:
/* ignore SERIAL_NOTIFY */
break;
@ -953,9 +959,14 @@ rtr_parse_error(struct rtr_session *rs, struct ibuf *pdu)
if (errcode == NO_DATA_AVAILABLE) {
rtr_fsm(rs, RTR_EVNT_NO_DATA);
rv = 0;
} else if (errcode == UNSUPP_PROTOCOL_VERS)
} else if (errcode == UNSUPP_PROTOCOL_VERS) {
if (rh.version < rs->version) {
rs->prev_version = rs->version;
rs->version = rh.version;
}
rtr_fsm(rs, RTR_EVNT_UNSUPP_PROTO_VERSION);
else
rv = 0;
} else
rtr_fsm(rs, RTR_EVNT_RESET_AND_CLOSE);
rs->last_recv_error = errcode;
@ -1062,45 +1073,28 @@ rtr_fsm(struct rtr_session *rs, enum rtr_event event)
switch (event) {
case RTR_EVNT_UNSUPP_PROTO_VERSION:
if (rs->state == RTR_STATE_NEGOTIATION) {
if (rs->version > 0)
rs->version--;
else {
/*
* can't downgrade anymore, fail connection
* RFC requires to send the error with our
* highest version number.
*/
rs->version = RTR_MAX_VERSION;
rtr_send_error(rs, NULL, UNSUPP_PROTOCOL_VERS,
"negotiation failed");
return;
}
if (rs->fd != -1) {
/* flush buffers */
msgbuf_clear(&rs->w);
rs->r.wpos = 0;
close(rs->fd);
rs->fd = -1;
}
/* retry connection with lower version */
timer_set(&rs->timers, Timer_Rtr_Retry, rs->retry);
rtr_imsg_compose(IMSG_SOCKET_CONN, rs->id, 0, NULL, 0);
break;
if (rs->prev_version == rs->version) {
/*
* Can't downgrade anymore, fail connection.
* RFC requires sending the error with the
* highest supported version number.
*/
rs->version = RTR_MAX_VERSION;
rtr_send_error(rs, NULL, UNSUPP_PROTOCOL_VERS,
"negotiation failed");
return;
}
/* FALLTHROUGH */
/* try again with new version */
if (rs->session_id == -1)
rtr_send_reset_query(rs);
else
rtr_send_serial_query(rs);
break;
case RTR_EVNT_RESET_AND_CLOSE:
rtr_reset_cache(rs);
rtr_recalc();
/* FALLTHROUGH */
case RTR_EVNT_CON_CLOSE:
if (rs->state == RTR_STATE_NEGOTIATION) {
/* consider any close event as a version failure. */
rtr_fsm(rs, RTR_EVNT_UNSUPP_PROTO_VERSION);
break;
}
if (rs->fd != -1) {
/* flush buffers */
msgbuf_clear(&rs->w);
@ -1108,27 +1102,37 @@ rtr_fsm(struct rtr_session *rs, enum rtr_event event)
close(rs->fd);
rs->fd = -1;
}
rs->state = RTR_STATE_CLOSED;
/* try to reopen session */
timer_set(&rs->timers, Timer_Rtr_Retry,
arc4random_uniform(10));
/*
* A close event during version negotiation needs to remain
* in the negotiation state else the same error will happen
* over and over again. The RFC is utterly underspecified
* and some RTR caches close the connection after sending
* the error PDU.
*/
if (rs->state != RTR_STATE_NEGOTIATION)
rs->state = RTR_STATE_CLOSED;
break;
case RTR_EVNT_START:
case RTR_EVNT_TIMER_RETRY:
switch (rs->state) {
case RTR_STATE_ERROR:
rtr_fsm(rs, RTR_EVNT_CON_CLOSE);
return;
break;
case RTR_STATE_CLOSED:
case RTR_STATE_NEGOTIATION:
timer_set(&rs->timers, Timer_Rtr_Retry, rs->retry);
rtr_imsg_compose(IMSG_SOCKET_CONN, rs->id, 0, NULL, 0);
return;
break;
default:
break;
}
/* FALLTHROUGH */
break;
case RTR_EVNT_CON_OPEN:
timer_stop(&rs->timers, Timer_Rtr_Retry);
rs->state = RTR_STATE_NEGOTIATION;
if (rs->session_id == -1)
rtr_send_reset_query(rs);
else
@ -1140,7 +1144,6 @@ rtr_fsm(struct rtr_session *rs, enum rtr_event event)
arc4random_uniform(10));
break;
case RTR_EVNT_TIMER_REFRESH:
/* send serial query */
rtr_send_serial_query(rs);
break;
case RTR_EVNT_TIMER_EXPIRE:
@ -1171,6 +1174,11 @@ rtr_fsm(struct rtr_session *rs, enum rtr_event event)
rtr_sem_release(rs->active_lock);
rtr_recalc();
rs->active_lock = 0;
/* clear the last errors */
rs->last_sent_error = NO_ERROR;
rs->last_recv_error = NO_ERROR;
rs->last_sent_msg[0] = '\0';
rs->last_recv_msg[0] = '\0';
break;
case RTR_EVNT_CACHE_RESET:
rtr_reset_cache(rs);
@ -1279,8 +1287,6 @@ rtr_check_events(struct pollfd *pfds, size_t npfds)
now = getmonotime();
TAILQ_FOREACH(rs, &rtrs, entry)
if ((t = timer_nextisdue(&rs->timers, now)) != NULL) {
log_debug("rtr %s: %s triggered", log_rtr(rs),
timernames[t->type]);
/* stop timer so it does not trigger again */
timer_stop(&rs->timers, t->type);
switch (t->type) {
@ -1366,6 +1372,7 @@ rtr_new(uint32_t id, char *descr)
rs->id = id;
rs->session_id = -1;
rs->version = RTR_MAX_VERSION;
rs->prev_version = RTR_MAX_VERSION;
rs->refresh = RTR_DEFAULT_REFRESH;
rs->retry = RTR_DEFAULT_RETRY;
rs->expire = RTR_DEFAULT_EXPIRE;
@ -1417,11 +1424,12 @@ rtr_open(struct rtr_session *rs, int fd)
rtr_fsm(rs, RTR_EVNT_CON_CLOSE);
}
if (rs->state == RTR_STATE_CLOSED)
if (rs->state == RTR_STATE_CLOSED) {
rs->version = RTR_MAX_VERSION;
rs->prev_version = RTR_MAX_VERSION;
}
rs->fd = rs->w.fd = fd;
rs->state = RTR_STATE_NEGOTIATION;
rtr_fsm(rs, RTR_EVNT_CON_OPEN);
}
@ -1506,6 +1514,7 @@ rtr_show(struct rtr_session *rs, pid_t pid)
msg.session_id = rs->session_id;
msg.last_sent_error = rs->last_sent_error;
msg.last_recv_error = rs->last_recv_error;
strlcpy(msg.state, rtr_statenames[rs->state], sizeof(msg.state));
strlcpy(msg.last_sent_msg, rs->last_sent_msg,
sizeof(msg.last_sent_msg));
strlcpy(msg.last_recv_msg, rs->last_recv_msg,
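Review bot: In rtr_parse_error, `prev_version` is updated only when the peer's header version is strictly lower than `rs->version`, yet rtr_fsm's RTR_EVNT_UNSUPP_PROTO_VERSION case relies on `prev_version == version` to stop retrying. As far as the visible hunks show, after one downgrade a cache that answers UNSUPP_PROTOCOL_VERS again at the already-lowered version leaves the two fields unequal, so the FSM re-sends the query on every such error PDU and never reaches "negotiation failed". Recording the attempted version unconditionally would bound this: `rs->prev_version = rs->version;` followed by `if (rh.version < rs->version) rs->version = rh.version;`. Since `rh.version` comes from the remote PDU header, a short comment at both downgrade sites noting that the peer selects the version would also help. rtr_parse_error and rtr_fsm both extend beyond these hunks, so state changes elsewhere may already cover this.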


@ -1,4 +1,4 @@
/* $OpenBSD: session.c,v 1.457 2024/01/10 11:08:04 claudio Exp $ */
/* $OpenBSD: session.c,v 1.458 2024/01/11 14:11:03 claudio Exp $ */
/*
* Copyright (c) 2003, 2004, 2005 Henning Brauer <henning@openbsd.org>
@ -608,11 +608,6 @@ bgp_fsm(struct peer *peer, enum session_events event)
/* init write buffer */
msgbuf_init(&peer->wbuf);
peer->stats.last_sent_errcode = 0;
peer->stats.last_sent_suberr = 0;
peer->stats.last_rcvd_errcode = 0;
peer->stats.last_rcvd_suberr = 0;
if (!peer->depend_ok)
timer_stop(&peer->timers, Timer_ConnectRetry);
else if (peer->passive || peer->conf.passive ||
@ -3553,6 +3548,13 @@ session_up(struct peer *p)
{
struct session_up sup;
/* clear last errors, now that the session is up */
p->stats.last_sent_errcode = 0;
p->stats.last_sent_suberr = 0;
p->stats.last_rcvd_errcode = 0;
p->stats.last_rcvd_suberr = 0;
memset(p->stats.last_reason, 0, sizeof(p->stats.last_reason));
if (imsg_rde(IMSG_SESSION_ADD, p->conf.id,
&p->conf, sizeof(p->conf)) == -1)
fatalx("imsg_compose error");


@ -1,4 +1,4 @@
/* $OpenBSD: session.h,v 1.165 2024/01/10 11:08:04 claudio Exp $ */
/* $OpenBSD: session.h,v 1.166 2024/01/11 15:46:25 claudio Exp $ */
/*
* Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org>
@ -130,7 +130,7 @@ struct bgpd_sysdep {
struct ctl_conn {
TAILQ_ENTRY(ctl_conn) entry;
struct imsgbuf ibuf;
struct imsgbuf imsgbuf;
int restricted;
int throttled;
int terminate;


@ -1,4 +1,4 @@
/* $OpenBSD: cert.c,v 1.121 2023/12/14 07:52:53 tb Exp $ */
/* $OpenBSD: cert.c,v 1.122 2024/01/11 11:55:14 job Exp $ */
/*
* Copyright (c) 2022 Theo Buehler <tb@openbsd.org>
* Copyright (c) 2021 Job Snijders <job@openbsd.org>
@ -1016,6 +1016,7 @@ ta_parse(const char *fn, struct cert *p, const unsigned char *pkey,
{
ASN1_TIME *notBefore, *notAfter;
EVP_PKEY *pk, *opk;
time_t now = get_current_time();
if (p == NULL)
return NULL;
@ -1044,11 +1045,11 @@ ta_parse(const char *fn, struct cert *p, const unsigned char *pkey,
warnx("%s: certificate has invalid notAfter", fn);
goto badcert;
}
if (X509_cmp_current_time(notBefore) != -1) {
if (X509_cmp_time(notBefore, &now) != -1) {
warnx("%s: certificate not yet valid", fn);
goto badcert;
}
if (X509_cmp_current_time(notAfter) != 1) {
if (X509_cmp_time(notAfter, &now) != 1) {
warnx("%s: certificate has expired", fn);
goto badcert;
}