diff --git a/lib/libc/gen/syslog.3 b/lib/libc/gen/syslog.3 index da1382a89..ab411f3a4 100644 --- a/lib/libc/gen/syslog.3 +++ b/lib/libc/gen/syslog.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: syslog.3,v 1.37 2022/03/31 17:27:15 naddy Exp $ +.\" $OpenBSD: syslog.3,v 1.38 2024/06/11 23:35:27 jsg Exp $ .\" .\" Copyright (c) 1985, 1991, 1993 .\" The Regents of the University of California. All rights reserved. @@ -27,7 +27,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd $Mdocdate: March 31 2022 $ +.Dd $Mdocdate: June 11 2024 $ .Dt SYSLOG 3 .Os .Sh NAME @@ -392,8 +392,6 @@ The functions and .Fn setlogmask_r appeared in -.Bx 386 0.1 -and have been available since .Ox 3.1 . .Sh CAVEATS It is important never to pass a string with user-supplied data as a diff --git a/lib/libcrypto/x509/x509.h b/lib/libcrypto/x509/x509.h index acdb28350..3d0fc3b06 100644 --- a/lib/libcrypto/x509/x509.h +++ b/lib/libcrypto/x509/x509.h @@ -1,4 +1,4 @@ -/* $OpenBSD: x509.h,v 1.111 2024/03/02 10:59:41 tb Exp $ */ +/* $OpenBSD: x509.h,v 1.112 2024/06/12 03:55:46 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -693,8 +693,8 @@ int ASN1_item_sign_ctx(const ASN1_ITEM *it, #endif const STACK_OF(X509_EXTENSION) *X509_get0_extensions(const X509 *x); -void X509_get0_uids(const X509 *x, const ASN1_BIT_STRING **piuid, - const ASN1_BIT_STRING **psuid); +void X509_get0_uids(const X509 *x, const ASN1_BIT_STRING **issuerUID, + const ASN1_BIT_STRING **subjectUID); const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *x); int X509_set_version(X509 *x, long version); long X509_get_version(const X509 *x); diff --git a/lib/libtls/tls_signer.c b/lib/libtls/tls_signer.c index d423b3b1c..2573803ec 100644 --- a/lib/libtls/tls_signer.c +++ b/lib/libtls/tls_signer.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: tls_signer.c,v 1.12 2024/03/28 06:55:02 joshua Exp $ */ +/* $OpenBSD: tls_signer.c,v 1.13 2024/06/11 16:35:24 op Exp $ */ /* * Copyright (c) 2021 Eric Faurot * @@ -16,10 +16,19 @@ */ #include +#include +#include +#include +#include +#include -#include +#include +#include #include +#include +#include #include +#include #include "tls.h" #include "tls_internal.h" diff --git a/regress/usr.bin/ssh/test-exec.sh b/regress/usr.bin/ssh/test-exec.sh index fcf916414..7adf0889a 100644 --- a/regress/usr.bin/ssh/test-exec.sh +++ b/regress/usr.bin/ssh/test-exec.sh @@ -1,4 +1,4 @@ -# $OpenBSD: test-exec.sh,v 1.114 2024/06/06 19:48:40 djm Exp $ +# $OpenBSD: test-exec.sh,v 1.115 2024/06/11 01:58:27 djm Exp $ # Placed in the Public Domain. #SUDO=sudo @@ -265,6 +265,7 @@ export SSH_PKCS11_HELPER SSH_SK_HELPER stop_sshd () { + [ -z $PIDFILE ] && return [ -f $PIDFILE ] || return pid=`$SUDO cat $PIDFILE` if [ "X$pid" = "X" ]; then @@ -675,6 +676,7 @@ chmod a+x $OBJ/ssh_proxy.sh start_sshd () { + PIDFILE=$OBJ/pidfile # start sshd logfile="${TEST_SSH_LOGDIR}/sshd.`$OBJ/timestamp`.$$.log" $SUDO ${SSHD} -f $OBJ/sshd_config "$@" -t || fatal "sshd_config broken" diff --git a/sys/arch/amd64/amd64/conf.c b/sys/arch/amd64/amd64/conf.c index f87df4218..8acf196ce 100644 --- a/sys/arch/amd64/amd64/conf.c +++ b/sys/arch/amd64/amd64/conf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: conf.c,v 1.78 2023/03/06 17:20:05 miod Exp $ */ +/* $OpenBSD: conf.c,v 1.80 2024/06/11 09:21:32 jsg Exp $ */ /* * Copyright (c) 1994, 1995 Charles M. Hannum. All rights reserved. @@ -117,14 +117,6 @@ cdev_decl(pcmcia); #endif #include "spkr.h" cdev_decl(spkr); -#if 0 /* old (non-wsmouse) drivers */ -#include "mms.h" -cdev_decl(mms); -#include "lms.h" -cdev_decl(lms); -#include "opms.h" -cdev_decl(pms); -#endif #include "cy.h" cdev_decl(cy); #include "tun.h" @@ -149,7 +141,6 @@ cdev_decl(cztty); #include "nvram.h" cdev_decl(nvram); #include "drm.h" -cdev_decl(drm); #include "viocon.h" cdev_decl(viocon); 
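Review bot: The new early return in stop_sshd tests `$PIDFILE` unquoted, so when the variable is empty the command becomes `[ -z ]`, which is only true because a one-argument test checks that the literal string `-z` is non-empty; the intent survives by accident. Quote it, `[ -z "$PIDFILE" ] && return`, so the check means what it says and also behaves if the path ever contains whitespace. The pre-existing `[ -f $PIDFILE ]` on the next line has the same exposure; since start_sshd now fixes PIDFILE to `$OBJ/pidfile`, whitespace is unlikely but `$OBJ` comes from the environment outside this hunk.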
diff --git a/sys/arch/arm/arm/cpu.c b/sys/arch/arm/arm/cpu.c index c939b6a91..079cc3945 100644 --- a/sys/arch/arm/arm/cpu.c +++ b/sys/arch/arm/arm/cpu.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cpu.c,v 1.59 2023/10/24 13:20:09 claudio Exp $ */ +/* $OpenBSD: cpu.c,v 1.60 2024/06/11 15:44:55 kettenis Exp $ */ /* $NetBSD: cpu.c,v 1.56 2004/04/14 04:01:49 bsh Exp $ */ @@ -836,6 +836,10 @@ cpu_opp_mountroot(struct device *self) min = ot->ot_opp_hz_min; max = ot->ot_opp_hz_max; level_hz = clock_get_frequency(ci->ci_node, NULL); + if (level_hz < min) + level_hz = min; + if (level_hz > max) + level_hz = max; level = howmany(100 * (level_hz - min), (max - min)); } diff --git a/sys/arch/arm64/arm64/conf.c b/sys/arch/arm64/arm64/conf.c index e730a4b26..a23913382 100644 --- a/sys/arch/arm64/arm64/conf.c +++ b/sys/arch/arm64/arm64/conf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: conf.c,v 1.22 2023/03/06 17:20:06 miod Exp $ */ +/* $OpenBSD: conf.c,v 1.24 2024/06/12 02:50:25 jsg Exp $ */ /* * Copyright (c) 1994, 1995 Charles M. Hannum. All rights reserved. @@ -100,7 +100,6 @@ cdev_decl(lpt); #include "ucom.h" #include "radio.h" #include "drm.h" -cdev_decl(drm); #include "wsdisplay.h" #include "wskbd.h" @@ -237,6 +236,8 @@ struct cdevsw cdevsw[] = }; int nchrdev = nitems(cdevsw); +int mem_no = 2; /* major device number of memory special file */ + /* * Swapdev is a fake device implemented * in sw.c used only internally to get to swstrategy. @@ -246,7 +247,7 @@ int nchrdev = nitems(cdevsw); * confuse, e.g. the hashing routines. Instead, /dev/drum is * provided as a character (raw) device. */ -dev_t swapdev = makedev(BMAJ_SW, 0); +dev_t swapdev = makedev(1, 0); /* * Returns true if dev is /dev/mem or /dev/kmem. @@ -254,8 +255,7 @@ dev_t swapdev = makedev(BMAJ_SW, 0); int iskmemdev(dev_t dev) { - - return (major(dev) == CMAJ_MM && minor(dev) < 2); + return (major(dev) == mem_no && minor(dev) < 2); } /* 
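Review bot: The clamp stops `level_hz - min` from going negative (or wrapping, if level_hz is unsigned), but the division in `howmany(100 * (level_hz - min), (max - min))` still has a zero divisor whenever the OPP table has `max == min`, which the commit does not address. A single operating point, or a table whose entries all share one frequency, would reach it; whether `ot_opp_hz_min`/`ot_opp_hz_max` can be equal depends on how the table is built above this hunk, so I cannot tell if it is reachable today. Guarding it is cheap: `if (max > min) level = howmany(100 * (level_hz - min), (max - min)); else level = 0;` — which end a degenerate range should map to is a policy choice for the caller. cpu_opp_mountroot starts and ends outside this hunk.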
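Review bot: `mem_no` is introduced as a writable, non-const global and immediately becomes the input to iskmemdev(), the predicate the kernel uses to recognise /dev/mem and /dev/kmem and, through its callers, to decide which opens securelevel must refuse; any stray write to it silently changes that classification. If nothing assigns to it after boot, `const int mem_no = 2;` lets the compiler enforce that; if it must stay a plain `int` to match an `extern` shared with other architectures' conf.c, then at least the comment should record the real invariant, e.g. `/* major of /dev/mem; must be the index of mm in cdevsw[] above */`, because the current `/* major device number of memory special file */` says what it is but not what it must agree with. The same coupling now holds for the literal in `makedev(1, 0)`, which has to be the bdevsw[] slot of sw.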
@@ -264,14 +264,13 @@ iskmemdev(dev_t dev) int iszerodev(dev_t dev) { - - return (major(dev) == CMAJ_MM && minor(dev) == 12); + return (major(dev) == mem_no && minor(dev) == 12); } dev_t getnulldev(void) { - return makedev(CMAJ_MM, 2); + return makedev(mem_no, 2); } const int chrtoblktbl[] = { @@ -348,8 +347,8 @@ dev_rawpart(struct device *dv) switch (majdev) { /* add here any device you want to be checksummed on boot */ - case BMAJ_WD: - case BMAJ_SD: + case 0: /* wd */ + case 4: /* sd */ return (MAKEDISKDEV(majdev, dv->dv_unit, RAW_PART)); break; default: diff --git a/sys/arch/arm64/arm64/cpu.c b/sys/arch/arm64/arm64/cpu.c index 60f020f91..de5bf4008 100644 --- a/sys/arch/arm64/arm64/cpu.c +++ b/sys/arch/arm64/arm64/cpu.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cpu.c,v 1.118 2024/05/30 04:16:25 tb Exp $ */ +/* $OpenBSD: cpu.c,v 1.119 2024/06/11 15:44:55 kettenis Exp $ */ /* * Copyright (c) 2016 Dale Rahn @@ -1802,6 +1802,10 @@ cpu_opp_mountroot(struct device *self) min = ot->ot_opp_hz_min; max = ot->ot_opp_hz_max; level_hz = clock_get_frequency(ci->ci_node, NULL); + if (level_hz < min) + level_hz = min; + if (level_hz > max) + level_hz = max; level = howmany(100 * (level_hz - min), (max - min)); } diff --git a/sys/arch/arm64/include/conf.h b/sys/arch/arm64/include/conf.h index 1eefde6be..c933c5c11 100644 --- a/sys/arch/arm64/include/conf.h +++ b/sys/arch/arm64/include/conf.h @@ -1,4 +1,4 @@ -/* $OpenBSD: conf.h,v 1.4 2022/06/28 14:43:50 visa Exp $ */ +/* $OpenBSD: conf.h,v 1.5 2024/06/12 02:50:25 jsg Exp $ */ /* $NetBSD: conf.h,v 1.2 1996/05/05 19:28:34 christos Exp $ */ /* 
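Review bot: `case 0: /* wd */` and `case 4: /* sd */` now carry the bdevsw positions as bare literals, and the `BMAJ_WD`/`BMAJ_SD` macros deleted from arm64/include/conf.h in this commit were the only statement of that dependency on the order of `bdevsw[]`; nothing here checks the two numbers against the table. A comment above the switch, `/* bdevsw[] indices; keep in sync with the table above */`, or a boot-time assertion that those two slots are the wd and sd entry points, would turn a future reordering of the table into a loud failure instead of checksumming the wrong device. dev_rawpart starts outside this hunk.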
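Review bot: As in sys/arch/arm/arm/cpu.c, the clamp fixes `level_hz` falling outside `[min, max]` but leaves `howmany(100 * (level_hz - min), (max - min))` dividing by zero when an OPP table has `max == min`; a one-entry table is the obvious way to get there, if the table builder above this hunk permits it. `if (max > min) level = howmany(100 * (level_hz - min), (max - min)); else level = 0;` closes it, with the fallback value to be decided by whoever owns the policy. cpu_opp_mountroot starts and ends outside this hunk.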
@@ -58,43 +58,4 @@ cdev_decl(openprom); cdev_decl(apm); cdev_decl(acpiapm); -/* - * These numbers have to be in sync with bdevsw/cdevsw. - */ - -#define BMAJ_WD 0 -#define BMAJ_SW 1 -#define BMAJ_SD 4 -#define BMAJ_ST 5 - -#define CMAJ_MM 2 -#define CMAJ_PTS 5 -#define CMAJ_PTC 6 -#define CMAJ_COM 8 -#define CMAJ_WSDISPLAY 12 -#define CMAJ_ST 14 -#define CMAJ_LPT 16 -#define CMAJ_CH 17 -#define CMAJ_UK 20 -#define CMAJ_BPF 23 -#define CMAJ_TUN 40 -#define CMAJ_AUDIO 42 -#define CMAJ_VIDEO 44 -#define CMAJ_BKTR 49 -#define CMAJ_MIDI 52 -#define CMAJ_USB 61 -#define CMAJ_UHID 62 -#define CMAJ_UGEN 63 -#define CMAJ_ULPT 64 -#define CMAJ_UCOM 66 -#define CMAJ_WSKBD 67 -#define CMAJ_WSMOUSE 68 -#ifdef USER_PCICONF -#define CMAJ_PCI 72 -#endif -#define CMAJ_RADIO 76 -#define CMAJ_DRM 87 -#define CMAJ_GPIO 88 -#define CMAJ_VSCSI 89 - #endif /* _MACHINE_CONF_H_ */ diff --git a/sys/arch/i386/i386/conf.c b/sys/arch/i386/i386/conf.c index e1eb703c1..a6995b8c2 100644 --- a/sys/arch/i386/i386/conf.c +++ b/sys/arch/i386/i386/conf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: conf.c,v 1.176 2023/03/06 17:20:06 miod Exp $ */ +/* $OpenBSD: conf.c,v 1.178 2024/06/11 09:21:32 jsg Exp $ */ /* $NetBSD: conf.c,v 1.75 1996/05/03 19:40:20 christos Exp $ */ /* @@ -115,14 +115,6 @@ cdev_decl(pcmcia); #endif #include "spkr.h" cdev_decl(spkr); -#if 0 /* old (non-wsmouse) drivers */ -#include "mms.h" -cdev_decl(mms); -#include "lms.h" -cdev_decl(lms); -#include "opms.h" -cdev_decl(pms); -#endif #include "cy.h" cdev_decl(cy); #include "tun.h" @@ -148,7 +140,6 @@ cdev_decl(cztty); #include "nvram.h" cdev_decl(nvram); #include "drm.h" -cdev_decl(drm); #include "wsdisplay.h" #include "wskbd.h" diff --git a/sys/arch/i386/include/conf.h b/sys/arch/i386/include/conf.h index ecebaeed6..c4d23f9ca 100644 --- a/sys/arch/i386/include/conf.h +++ b/sys/arch/i386/include/conf.h 
@@ -1,4 +1,4 @@ -/* $OpenBSD: conf.h,v 1.20 2022/06/28 14:43:50 visa Exp $ */ +/* $OpenBSD: conf.h,v 1.21 2024/06/11 03:28:42 jsg Exp $ */ /* $NetBSD: conf.h,v 1.2 1996/05/05 19:28:34 christos Exp $ */ /* @@ -35,7 +35,6 @@ #define mmread mmrw #define mmwrite mmrw cdev_decl(mm); -cdev_decl(pms); bdev_decl(fd); cdev_decl(fd); @@ -48,12 +47,6 @@ cdev_decl(fd); cdev_decl(spkr); -cdev_decl(mms); - -cdev_decl(lms); - -cdev_decl(pms); - cdev_decl(joy); cdev_decl(bios); diff --git a/sys/dev/acpi/acpi.c b/sys/dev/acpi/acpi.c index 09c4b56d3..ae1e37558 100644 --- a/sys/dev/acpi/acpi.c +++ b/sys/dev/acpi/acpi.c @@ -1,4 +1,4 @@ -/* $OpenBSD: acpi.c,v 1.430 2024/06/02 11:08:41 kettenis Exp $ */ +/* $OpenBSD: acpi.c,v 1.431 2024/06/11 17:35:26 kettenis Exp $ */ /* * Copyright (c) 2005 Thorsten Lockert * Copyright (c) 2005 Jordan Hargrave @@ -26,6 +26,7 @@ #include #include #include +#include #include #include @@ -726,8 +727,10 @@ acpi_pci_min_powerstate(pci_chipset_tag_t pc, pcitag_t tag) if (pdev->bus == bus && pdev->dev == dev && pdev->fun == fun) { switch (acpi_softc->sc_state) { case ACPI_STATE_S0: - defaultstate = PCI_PMCSR_STATE_D3; - state = pdev->_s0w; + if (boothowto & RB_POWERDOWN) { + defaultstate = PCI_PMCSR_STATE_D3; + state = pdev->_s0w; + } break; case ACPI_STATE_S3: defaultstate = PCI_PMCSR_STATE_D3; diff --git a/sys/dev/fdt/rkclock.c b/sys/dev/fdt/rkclock.c index 71e1afea3..65846ba61 100644 --- a/sys/dev/fdt/rkclock.c +++ b/sys/dev/fdt/rkclock.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rkclock.c,v 1.88 2024/04/01 11:16:11 patrick Exp $ */ +/* $OpenBSD: rkclock.c,v 1.89 2024/06/11 09:15:33 kettenis Exp $ */ /* * Copyright (c) 2017, 2018 Mark Kettenis * 
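Review bot: The new S0 condition is undocumented, so a reader has to work out on their own that `defaultstate` and `state` are deliberately left at their initial values on a plain halt or reboot and only moved towards D3 when halting with power-down. A comment on the `if (boothowto & RB_POWERDOWN)` line would capture the intent, e.g. `/* Only choose a low-power state when powering off; on halt/reboot leave the device as is */` — the motivation (keeping devices reachable for firmware or the bootloader) is my inference and should be confirmed with the committer before it is written down. The initial values of the two variables are assigned above this hunk, so what the non-powerdown path now returns is not visible here; acpi_pci_min_powerstate starts and ends outside the hunk.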
@@ -4002,6 +4002,11 @@ const struct rkclock rk3588_clocks[] = { SEL(11, 10), 0, { RK3588_CLK_200M_SRC, RK3588_CLK_150M_SRC, RK3588_XIN24M }, }, + { + RK3588_CLK_TSADC, RK3588_CRU_CLKSEL_CON(41), + SEL(8, 8), DIV(7, 0), + { RK3588_PLL_GPLL, RK3588_XIN24M }, + }, { RK3588_CLK_UART1_SRC, RK3588_CRU_CLKSEL_CON(41), SEL(14, 14), DIV(13, 9), @@ -4554,6 +4559,14 @@ rk3588_reset(void *cookie, uint32_t *cells, int on) uint32_t bit, mask, reg; switch (idx) { + case RK3588_SRST_P_TSADC: + reg = RK3588_CRU_SOFTRST_CON(12); + bit = 0; + break; + case RK3588_SRST_TSADC: + reg = RK3588_CRU_SOFTRST_CON(12); + bit = 1; + break; case RK3588_SRST_A_GMAC0: reg = RK3588_CRU_SOFTRST_CON(32); bit = 10; diff --git a/sys/dev/fdt/rkclock_clocks.h b/sys/dev/fdt/rkclock_clocks.h index 793c1a021..c7707355c 100644 --- a/sys/dev/fdt/rkclock_clocks.h +++ b/sys/dev/fdt/rkclock_clocks.h @@ -427,6 +427,7 @@ #define RK3588_CLK_SPI2 153 #define RK3588_CLK_SPI3 154 #define RK3588_CLK_SPI4 155 +#define RK3588_CLK_TSADC 158 #define RK3588_CLK_UART1_SRC 168 #define RK3588_CLK_UART1_FRAC 169 #define RK3588_CLK_UART1 170 @@ -510,6 +511,8 @@ #define RK3588_PLL_SPLL 1022 #define RK3588_XIN24M 1023 +#define RK3588_SRST_P_TSADC 86 +#define RK3588_SRST_TSADC 87 #define RK3588_SRST_A_GMAC0 291 #define RK3588_SRST_A_GMAC1 292 #define RK3588_SRST_PCIE0_POWER_UP 294 diff --git a/sys/dev/ic/qwx.c b/sys/dev/ic/qwx.c index ecd69cf52..41b5be9bb 100644 --- a/sys/dev/ic/qwx.c +++ b/sys/dev/ic/qwx.c @@ -1,4 +1,4 @@ -/* $OpenBSD: qwx.c,v 1.62 2024/05/29 07:24:26 stsp Exp $ */ +/* $OpenBSD: qwx.c,v 1.63 2024/06/11 10:06:35 stsp Exp $ */ /* * Copyright 2023 Stefan Sperling @@ -23150,7 +23150,8 @@ qwx_init_task(void *arg) int s = splnet(); rw_enter_write(&sc->ioctl_rwl); - qwx_stop(ifp); + if (ifp->if_flags & IFF_RUNNING) + qwx_stop(ifp); if ((ifp->if_flags & (IFF_UP | IFF_RUNNING)) == IFF_UP) qwx_init(ifp); diff --git a/sys/dev/pci/if_qwx_pci.c b/sys/dev/pci/if_qwx_pci.c index 0dc2a2872..f3e2df6b5 100644 
--- a/sys/dev/pci/if_qwx_pci.c +++ b/sys/dev/pci/if_qwx_pci.c @@ -1,4 +1,4 @@ -/* $OpenBSD: if_qwx_pci.c,v 1.19 2024/05/28 09:26:55 stsp Exp $ */ +/* $OpenBSD: if_qwx_pci.c,v 1.20 2024/06/11 10:06:35 stsp Exp $ */ /* * Copyright 2023 Stefan Sperling @@ -4091,7 +4091,9 @@ qwx_pci_intr(void *arg) #else printf("%s: fatal firmware error\n", sc->sc_dev.dv_xname); - if (!test_bit(ATH11K_FLAG_CRASH_FLUSH, sc->sc_flags)) { + if (!test_bit(ATH11K_FLAG_CRASH_FLUSH, sc->sc_flags) && + (sc->sc_ic.ic_if.if_flags & (IFF_UP | IFF_RUNNING)) == + (IFF_UP | IFF_RUNNING)) { /* Try to reset the device. */ set_bit(ATH11K_FLAG_CRASH_FLUSH, sc->sc_flags); task_add(systq, &sc->init_task); diff --git a/sys/dev/pv/if_vio.c b/sys/dev/pv/if_vio.c index 945179681..353e42b09 100644 --- a/sys/dev/pv/if_vio.c +++ b/sys/dev/pv/if_vio.c @@ -1,4 +1,4 @@ -/* $OpenBSD: if_vio.c,v 1.38 2024/06/09 16:25:28 jan Exp $ */ +/* $OpenBSD: if_vio.c,v 1.40 2024/06/10 19:26:17 jan Exp $ */ /* * Copyright (c) 2012 Stefan Fritsch, Alexander Fiveg. @@ -169,6 +169,9 @@ struct virtio_net_ctrl_cmd { # define VIRTIO_NET_CTRL_VLAN_ADD 0 # define VIRTIO_NET_CTRL_VLAN_DEL 1 +#define VIRTIO_NET_CTRL_GUEST_OFFLOADS 5 +# define VIRTIO_NET_CTRL_GUEST_OFFLOADS_SET 0 + struct virtio_net_ctrl_status { uint8_t ack; } __packed; @@ -179,6 +182,10 @@ struct virtio_net_ctrl_rx { uint8_t onoff; } __packed; +struct virtio_net_ctrl_guest_offloads { + uint64_t offloads; +} __packed; + struct virtio_net_ctrl_mac_tbl { uint32_t nentries; uint8_t macs[][ETHER_ADDR_LEN]; @@ -220,6 +227,7 @@ struct vio_softc { struct virtio_net_ctrl_cmd *sc_ctrl_cmd; struct virtio_net_ctrl_status *sc_ctrl_status; struct virtio_net_ctrl_rx *sc_ctrl_rx; + struct virtio_net_ctrl_guest_offloads *sc_ctrl_guest_offloads; struct virtio_net_ctrl_mac_tbl *sc_ctrl_mac_tbl_uc; #define sc_ctrl_mac_info sc_ctrl_mac_tbl_uc struct virtio_net_ctrl_mac_tbl *sc_ctrl_mac_tbl_mc; 
@@ -289,6 +297,7 @@ void vio_txtick(void *); void vio_link_state(struct ifnet *); int vio_config_change(struct virtio_softc *); int vio_ctrl_rx(struct vio_softc *, int, int); +int vio_ctrl_guest_offloads(struct vio_softc *, uint64_t); int vio_set_rx_filter(struct vio_softc *); void vio_iff(struct vio_softc *); int vio_media_change(struct ifnet *); @@ -414,6 +423,7 @@ vio_alloc_mem(struct vio_softc *sc) allocsize += sizeof(struct virtio_net_ctrl_cmd) * 1; allocsize += sizeof(struct virtio_net_ctrl_status) * 1; allocsize += sizeof(struct virtio_net_ctrl_rx) * 1; + allocsize += sizeof(struct virtio_net_ctrl_guest_offloads) * 1; allocsize += VIO_CTRL_MAC_INFO_SIZE; } sc->sc_dma_size = allocsize; @@ -433,6 +443,8 @@ vio_alloc_mem(struct vio_softc *sc) offset += sizeof(*sc->sc_ctrl_status); sc->sc_ctrl_rx = (void*)(kva + offset); offset += sizeof(*sc->sc_ctrl_rx); + sc->sc_ctrl_guest_offloads = (void*)(kva + offset); + offset += sizeof(*sc->sc_ctrl_guest_offloads); sc->sc_ctrl_mac_tbl_uc = (void*)(kva + offset); offset += sizeof(*sc->sc_ctrl_mac_tbl_uc) + ETHER_ADDR_LEN * VIRTIO_NET_CTRL_MAC_UC_ENTRIES; @@ -454,7 +466,8 @@ vio_alloc_mem(struct vio_softc *sc) sc->sc_tx_mbufs = sc->sc_rx_mbufs + rxqsize; for (i = 0; i < rxqsize; i++) { - r = bus_dmamap_create(vsc->sc_dmat, MCLBYTES, 1, MCLBYTES, 0, + r = bus_dmamap_create(vsc->sc_dmat, MAXMCLBYTES, + MAXMCLBYTES/PAGE_SIZE + 1, MCLBYTES, 0, BUS_DMA_NOWAIT|BUS_DMA_ALLOCNOW, &sc->sc_rx_dmamaps[i]); if (r != 0) goto err_reqs; @@ -550,6 +563,10 @@ vio_attach(struct device *parent, struct device *self, void *aux) vsc->sc_driver_features |= VIRTIO_NET_F_HOST_TSO4; vsc->sc_driver_features |= VIRTIO_NET_F_HOST_TSO6; + vsc->sc_driver_features |= VIRTIO_NET_F_CTRL_GUEST_OFFLOADS; + vsc->sc_driver_features |= VIRTIO_NET_F_GUEST_TSO4; + vsc->sc_driver_features |= VIRTIO_NET_F_GUEST_TSO6; + virtio_negotiate_features(vsc, virtio_net_feature_names); if (virtio_has_feature(vsc, VIRTIO_NET_F_MAC)) { vio_get_lladdr(&sc->sc_ac, vsc); 
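Review bot: The receive DMA map is created with maxsize `MAXMCLBYTES` but maxsegsz `MCLBYTES` and only `MAXMCLBYTES/PAGE_SIZE + 1` segments, so the largest buffer it can actually hold is `(MAXMCLBYTES/PAGE_SIZE + 1) * MCLBYTES`, which is below `MAXMCLBYTES` wherever PAGE_SIZE exceeds MCLBYTES (4 KiB pages give 17 segments of 2 KiB, 34 KiB against a 64 KiB maxsize). If the receive path ever loads a cluster larger than that into this map, bus_dmamap_load_mbuf fails at runtime with EFBIG instead of at attach; the cluster size chosen by vio_add_rx_mbuf is outside this hunk, so I cannot tell whether that is reachable, but enabling GUEST_TSO without mergeable buffers normally requires large receive buffers. Making the segment size agree with the segment count, `MAXMCLBYTES/PAGE_SIZE + 1, PAGE_SIZE` (or `MAXMCLBYTES`), removes the gap; a comment stating the intended maximum receive buffer would let the three arguments be checked against each other. vio_alloc_mem starts and ends outside this hunk.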
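Review bot: VIRTIO_NET_F_GUEST_TSO4 and VIRTIO_NET_F_GUEST_TSO6 are offered here without VIRTIO_NET_F_GUEST_CSUM appearing alongside them, and the virtio spec lists GUEST_CSUM as a prerequisite of both; a conforming device may refuse a feature set that has the TSO bits without it. The lines that offer GUEST_CSUM, if any, are above this hunk, so this may already be satisfied — if so, a short comment next to the new bits, `/* GUEST_TSO* require GUEST_CSUM, offered above */`, records the dependency for the next person who edits the list. vio_attach starts and ends outside this hunk.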
@@ -616,6 +633,14 @@ vio_attach(struct device *parent, struct device *self, void *aux) ifp->if_capabilities |= IFCAP_TSOv4; if (virtio_has_feature(vsc, VIRTIO_NET_F_HOST_TSO6)) ifp->if_capabilities |= IFCAP_TSOv6; + + if (virtio_has_feature(vsc, VIRTIO_NET_F_CTRL_GUEST_OFFLOADS) && + (virtio_has_feature(vsc, VIRTIO_NET_F_GUEST_TSO4) || + virtio_has_feature(vsc, VIRTIO_NET_F_GUEST_TSO6))) { + ifp->if_xflags |= IFXF_LRO; + ifp->if_capabilities |= IFCAP_LRO; + } + ifq_init_maxlen(&ifp->if_snd, vsc->sc_vqs[1].vq_num - 1); ifmedia_init(&sc->sc_media, 0, vio_media_change, vio_media_status); ifmedia_add(&sc->sc_media, IFM_ETHER | IFM_AUTO, 0, NULL); @@ -692,6 +717,7 @@ int vio_init(struct ifnet *ifp) { struct vio_softc *sc = ifp->if_softc; + struct virtio_softc *vsc = sc->sc_virtio; vio_stop(ifp, 0); if_rxr_init(&sc->sc_rx_ring, 2 * ((ifp->if_hardmtu / MCLBYTES) + 1), @@ -701,6 +727,22 @@ vio_init(struct ifnet *ifp) ifq_clr_oactive(&ifp->if_snd); vio_iff(sc); vio_link_state(ifp); + + if (virtio_has_feature(vsc, VIRTIO_NET_F_CTRL_GUEST_OFFLOADS)) { + uint64_t features = 0; + + SET(features, VIRTIO_NET_F_GUEST_CSUM); + + if (ISSET(ifp->if_xflags, IFXF_LRO)) { + if (virtio_has_feature(vsc, VIRTIO_NET_F_GUEST_TSO4)) + SET(features, VIRTIO_NET_F_GUEST_TSO4); + if (virtio_has_feature(vsc, VIRTIO_NET_F_GUEST_TSO6)) + SET(features, VIRTIO_NET_F_GUEST_TSO6); + } + + vio_ctrl_guest_offloads(sc, features); + } + return 0; } @@ -844,7 +886,8 @@ again: break; } if (r != 0) - panic("enqueue_prep for a tx buffer: %d", r); + panic("%s: enqueue_prep for tx buffer: %d", + sc->sc_dev.dv_xname, r); hdr = &sc->sc_tx_hdrs[slot]; memset(hdr, 0, sc->sc_hdr_size); @@ -1025,7 +1068,8 @@ vio_populate_rx_mbufs(struct vio_softc *sc) if (r == EAGAIN) break; if (r != 0) - panic("enqueue_prep for rx buffers: %d", r); + panic("%s: enqueue_prep for rx buffer: %d", + sc->sc_dev.dv_xname, r); if (sc->sc_rx_mbufs[slot] == NULL) { r = vio_add_rx_mbuf(sc, slot); if (r != 0) { 
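Review bot: The return value of `vio_ctrl_guest_offloads(sc, features)` in vio_init is discarded, so when the device NAKs the request the interface keeps IFXF_LRO and IFCAP_LRO advertised although the device will not coalesce anything; not unsafe, but misleading to ifconfig users and to anyone reading the LRO counters. Consider `if (vio_ctrl_guest_offloads(sc, features) != 0) CLR(ifp->if_xflags, IFXF_LRO);` or a comment that the failure is intentionally best-effort. Separately, `VIRTIO_NET_F_GUEST_CSUM` is put into the offload mask unconditionally, while the spec only permits bits that were negotiated; unless attach guarantees GUEST_CSUM whenever CTRL_GUEST_OFFLOADS is negotiated (those lines are outside this hunk), guard it with `virtio_has_feature(vsc, VIRTIO_NET_F_GUEST_CSUM)` like the two TSO bits. vio_init starts outside this hunk.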
@@ -1087,6 +1131,24 @@ vio_rx_offload(struct mbuf *m, struct virtio_net_hdr *hdr) if (ISSET(hdr->flags, VIRTIO_NET_HDR_F_NEEDS_CSUM)) SET(m->m_pkthdr.csum_flags, M_UDP_CSUM_OUT); } + + if (hdr->gso_type == VIRTIO_NET_HDR_GSO_TCPV4 || + hdr->gso_type == VIRTIO_NET_HDR_GSO_TCPV6) { + uint16_t mss = hdr->gso_size; + + if (!ext.tcp || mss == 0) { + tcpstat_inc(tcps_inbadlro); + return; + } + + if ((ext.paylen + mss - 1) / mss <= 1) + return; + + tcpstat_inc(tcps_inhwlro); + tcpstat_add(tcps_inpktlro, (ext.paylen + mss - 1) / mss); + SET(m->m_pkthdr.csum_flags, M_TCP_TSO); + m->m_pkthdr.ph_mss = mss; + } } /* dequeue received packets */ @@ -1341,10 +1403,12 @@ vio_ctrl_rx(struct vio_softc *sc, int cmd, int onoff) r = virtio_enqueue_prep(vq, &slot); if (r != 0) - panic("%s: control vq busy!?", sc->sc_dev.dv_xname); + panic("%s: %s virtio_enqueue_prep: control vq busy", + sc->sc_dev.dv_xname, __func__); r = virtio_enqueue_reserve(vq, slot, 3); if (r != 0) - panic("%s: control vq busy!?", sc->sc_dev.dv_xname); + panic("%s: %s virtio_enqueue_reserve: control vq busy", + sc->sc_dev.dv_xname, __func__); VIO_DMAMEM_ENQUEUE(sc, vq, slot, sc->sc_ctrl_cmd, sizeof(*sc->sc_ctrl_cmd), 1); VIO_DMAMEM_ENQUEUE(sc, vq, slot, sc->sc_ctrl_rx, 
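Review bot: The LRO branch matches `hdr->gso_type` by exact equality, so a header carrying the ECN flag (VIRTIO_NET_HDR_GSO_ECN, 0x80 in the spec) or'ed into a TCPv4/TCPv6 type skips the whole block: the coalesced segment then enters the stack as an oversized TCP packet with no M_TCP_TSO mark and no ph_mss, which a forwarding path cannot resegment. Mask the flag before comparing, e.g. `switch (hdr->gso_type & ~VIRTIO_NET_HDR_GSO_ECN)`, adding the constant if this driver does not define it yet. Every field read here is device-supplied, so `mss == 0` is the only guard against a hostile or buggy host; it is the right one for the division, and the `<= 1` return covers a gso_size larger than the payload, but a tiny gso_size such as 1 would be stored in ph_mss unchanged and could cost one output segment per byte if the packet is forwarded with TSO — whether the output path clamps that is not visible here. vio_rx_offload starts outside this hunk.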
@@ -1376,6 +1440,69 @@ out: return r; } +int +vio_ctrl_guest_offloads(struct vio_softc *sc, uint64_t features) +{ + struct virtio_softc *vsc = sc->sc_virtio; + struct virtqueue *vq = &sc->sc_vq[VQCTL]; + int r, slot; + + splassert(IPL_NET); + + if ((r = vio_wait_ctrl(sc)) != 0) + return r; + + sc->sc_ctrl_cmd->class = VIRTIO_NET_CTRL_GUEST_OFFLOADS; + sc->sc_ctrl_cmd->command = VIRTIO_NET_CTRL_GUEST_OFFLOADS_SET; + sc->sc_ctrl_guest_offloads->offloads = features; + + VIO_DMAMEM_SYNC(vsc, sc, sc->sc_ctrl_cmd, + sizeof(*sc->sc_ctrl_cmd), BUS_DMASYNC_PREWRITE); + VIO_DMAMEM_SYNC(vsc, sc, sc->sc_ctrl_guest_offloads, + sizeof(*sc->sc_ctrl_guest_offloads), BUS_DMASYNC_PREWRITE); + VIO_DMAMEM_SYNC(vsc, sc, sc->sc_ctrl_status, + sizeof(*sc->sc_ctrl_status), BUS_DMASYNC_PREREAD); + + r = virtio_enqueue_prep(vq, &slot); + if (r != 0) + panic("%s: %s virtio_enqueue_prep: control vq busy", + sc->sc_dev.dv_xname, __func__); + r = virtio_enqueue_reserve(vq, slot, 3); + if (r != 0) + panic("%s: %s virtio_enqueue_reserve: control vq busy", + sc->sc_dev.dv_xname, __func__); + VIO_DMAMEM_ENQUEUE(sc, vq, slot, sc->sc_ctrl_cmd, + sizeof(*sc->sc_ctrl_cmd), 1); + VIO_DMAMEM_ENQUEUE(sc, vq, slot, sc->sc_ctrl_guest_offloads, + sizeof(*sc->sc_ctrl_guest_offloads), 1); + VIO_DMAMEM_ENQUEUE(sc, vq, slot, sc->sc_ctrl_status, + sizeof(*sc->sc_ctrl_status), 0); + virtio_enqueue_commit(vsc, vq, slot, 1); + + if ((r = vio_wait_ctrl_done(sc)) != 0) + goto out; + + VIO_DMAMEM_SYNC(vsc, sc, sc->sc_ctrl_cmd, + sizeof(*sc->sc_ctrl_cmd), BUS_DMASYNC_POSTWRITE); + VIO_DMAMEM_SYNC(vsc, sc, sc->sc_ctrl_guest_offloads, + sizeof(*sc->sc_ctrl_guest_offloads), BUS_DMASYNC_POSTWRITE); + VIO_DMAMEM_SYNC(vsc, sc, sc->sc_ctrl_status, + sizeof(*sc->sc_ctrl_status), BUS_DMASYNC_POSTREAD); + + if (sc->sc_ctrl_status->ack == VIRTIO_NET_OK) { + r = 0; + } else { + printf("%s: features 0x%llx failed\n", sc->sc_dev.dv_xname, + features); + r = EIO; + } + + DPRINTF("%s: features 0x%llx: %d\n", __func__, features, r); + 
out: + vio_ctrl_wakeup(sc, FREE); + return r; +} + int vio_wait_ctrl(struct vio_softc *sc) { @@ -1463,10 +1590,12 @@ vio_set_rx_filter(struct vio_softc *sc) r = virtio_enqueue_prep(vq, &slot); if (r != 0) - panic("%s: control vq busy!?", sc->sc_dev.dv_xname); + panic("%s: %s virtio_enqueue_prep: control vq busy", + sc->sc_dev.dv_xname, __func__); r = virtio_enqueue_reserve(vq, slot, 4); if (r != 0) - panic("%s: control vq busy!?", sc->sc_dev.dv_xname); + panic("%s: %s virtio_enqueue_reserve: control vq busy", + sc->sc_dev.dv_xname, __func__); VIO_DMAMEM_ENQUEUE(sc, vq, slot, sc->sc_ctrl_cmd, sizeof(*sc->sc_ctrl_cmd), 1); VIO_DMAMEM_ENQUEUE(sc, vq, slot, sc->sc_ctrl_mac_tbl_uc, diff --git a/sys/sys/conf.h b/sys/sys/conf.h index 798ded6ff..422cd7f5c 100644 --- a/sys/sys/conf.h +++ b/sys/sys/conf.h @@ -1,4 +1,4 @@ -/* $OpenBSD: conf.h,v 1.161 2023/01/14 12:11:11 kettenis Exp $ */ +/* $OpenBSD: conf.h,v 1.163 2024/06/11 01:49:17 jsg Exp $ */ /* $NetBSD: conf.h,v 1.33 1996/05/03 20:03:32 christos Exp $ */ /*- @@ -582,8 +582,6 @@ cdev_decl(ch); bdev_decl(sd); cdev_decl(sd); -cdev_decl(ses); - cdev_decl(st); bdev_decl(cd); @@ -621,7 +619,6 @@ cdev_decl(kstat); cdev_decl(bio); cdev_decl(vscsi); -cdev_decl(gpr); cdev_decl(bktr); cdev_decl(usb); @@ -631,7 +628,6 @@ cdev_decl(fido); cdev_decl(ujoy); cdev_decl(ucom); cdev_decl(ulpt); -cdev_decl(urio); cdev_decl(hotplug); cdev_decl(gpio); diff --git a/sys/sys/msg.h b/sys/sys/msg.h index f93c27b92..b03bb7b04 100644 --- a/sys/sys/msg.h +++ b/sys/sys/msg.h @@ -1,4 +1,4 @@ -/* $OpenBSD: msg.h,v 1.21 2024/04/30 17:03:05 op Exp $ */ +/* $OpenBSD: msg.h,v 1.22 2024/06/10 04:10:25 jsg Exp $ */ /* $NetBSD: msg.h,v 1.9 1996/02/09 18:25:18 christos Exp $ */ /* 
@@ -85,25 +85,7 @@ struct que { if (--(q)->que_references == 0 && (q)->que_flags & MSGQ_DYING) \ wakeup_one(&(q)->que_references); \ } while (0) -#endif -/* - * Structure describing a message. The SVID doesn't suggest any - * particular name for this structure. There is a reference in the - * msgop man page that reads "The structure mymsg is an example of what - * this user defined buffer might look like, and includes the following - * members:". This sentence is followed by two lines equivalent - * to the mtype and mtext field declarations below. It isn't clear - * if "mymsg" refers to the name of the structure type or the name of an - * instance of the structure... - */ -struct mymsg { - long mtype; /* message type (+ve integer) */ - char mtext[1]; /* message body */ -}; - - -#ifdef _KERNEL /* * Based on the configuration parameters described in an SVR2 (yes, two) * config(1m) man page. diff --git a/usr.bin/ssh/monitor_wrap.c b/usr.bin/ssh/monitor_wrap.c index ae254bc26..08b7b1427 100644 --- a/usr.bin/ssh/monitor_wrap.c +++ b/usr.bin/ssh/monitor_wrap.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor_wrap.c,v 1.131 2024/06/06 17:15:25 djm Exp $ */ +/* $OpenBSD: monitor_wrap.c,v 1.135 2024/06/11 02:54:51 djm Exp $ */ /* * Copyright 2002 Niels Provos * Copyright 2002 Markus Friedl @@ -160,7 +160,8 @@ mm_reap(void) cleanup_exit(signal_is_crash(WTERMSIG(status)) ? EXIT_CHILD_CRASH : 255); } else { - error_f("preauth child terminated abnormally"); + error_f("preauth child terminated abnormally (status=0x%x)", + status); cleanup_exit(EXIT_CHILD_CRASH); } } @@ -170,7 +171,7 @@ mm_request_receive(int sock, struct sshbuf *m) { u_char buf[4], *p = NULL; u_int msg_len; - int r; + int oerrno, r; debug3_f("entering"); 
@@ -188,8 +189,13 @@ mm_request_receive(int sock, struct sshbuf *m) sshbuf_reset(m); if ((r = sshbuf_reserve(m, msg_len, &p)) != 0) fatal_fr(r, "reserve"); - if (atomicio(read, sock, p, msg_len) != msg_len) - fatal_f("read: %s", strerror(errno)); + if (atomicio(read, sock, p, msg_len) != msg_len) { + oerrno = errno; + error_f("read: %s", strerror(errno)); + if (oerrno == EPIPE) + mm_reap(); + cleanup_exit(255); + } } void diff --git a/usr.bin/ssh/servconf.c b/usr.bin/ssh/servconf.c index 89909819c..2caa16039 100644 --- a/usr.bin/ssh/servconf.c +++ b/usr.bin/ssh/servconf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: servconf.c,v 1.409 2024/06/06 20:25:48 djm Exp $ */ +/* $OpenBSD: servconf.c,v 1.410 2024/06/11 00:36:20 djm Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved @@ -1924,7 +1924,7 @@ process_server_config_line_depth(ServerOptions *options, char *line, charptr = &options->per_source_penalty_exempt; arg = argv_next(&ac, &av); if (!arg || *arg == '\0') - fatal("%s line %d: missing file name.", + fatal("%s line %d: missing argument.", filename, linenum); if (addr_match_list(NULL, arg) != 0) { fatal("%s line %d: keyword %s " diff --git a/usr.bin/ssh/srclimit.c b/usr.bin/ssh/srclimit.c index ffea6a397..c4bc5fee2 100644 --- a/usr.bin/ssh/srclimit.c +++ b/usr.bin/ssh/srclimit.c @@ -106,6 +106,8 @@ srclimit_init(int max, int persource, int ipv4len, int ipv6len, penalty_cfg = *penalty_conf; penalty_exempt = penalty_exempt_conf == NULL ? NULL : xstrdup(penalty_exempt_conf); + RB_INIT(&penalties_by_addr); + RB_INIT(&penalties_by_expiry); if (max_persource == INT_MAX) /* no limit */ return; debug("%s: max connections %d, per source %d, masks %d,%d", __func__, 
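Review bot: `oerrno` is saved specifically so the decision does not depend on whatever error_f does to errno, but the message on the next line still formats `strerror(errno)`; it is evaluated before the call so it happens to be the same value today, yet it leaves two sources of truth in a four-line block. Use the saved copy in both places, `error_f("read: %s", strerror(oerrno));`, so a later reordering cannot make the log and the branch disagree. The EPIPE branch relies on atomicio mapping a zero-length read to EPIPE and on mm_reap() being safe to call from whichever side of the monitor socket this runs on; both live outside the hunk, as does the start of mm_request_receive.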
@@ -115,8 +117,6 @@ srclimit_init(int max, int persource, int ipv4len, int ipv6len, children = xcalloc(max_children, sizeof(*children)); for (i = 0; i < max_children; i++) children[i].id = -1; - RB_INIT(&penalties_by_addr); - RB_INIT(&penalties_by_expiry); } /* returns 1 if connection allowed, 0 if not allowed. */ @@ -259,7 +259,7 @@ srclimit_penalty_check_allow(int sock, const char **reason) return 1; } } - if (npenalties > (size_t)penalty_cfg.max_sources && + if (npenalties >= (size_t)penalty_cfg.max_sources && penalty_cfg.overflow_mode == PER_SOURCE_PENALTY_OVERFLOW_DENY_ALL) { *reason = "too many penalised addresses"; return 0; @@ -293,14 +293,14 @@ srclimit_remove_expired_penalties(void) while (npenalties > (size_t)penalty_cfg.max_sources) { if ((p = RB_MIN(penalties_by_expiry, &penalties_by_expiry)) == NULL) - break; /* shouldn't happen */ + fatal_f("internal error: penalty tables corrupt (find)"); bits = p->addr.af == AF_INET ? ipv4_masklen : ipv6_masklen; addr_masklen_ntop(&p->addr, bits, s, sizeof(s)); debug3_f("overflow, remove %s", s); if (RB_REMOVE(penalties_by_expiry, &penalties_by_expiry, p) != p || RB_REMOVE(penalties_by_addr, &penalties_by_addr, p) != p) - fatal_f("internal error: penalty tables corrupt"); + fatal_f("internal error: penalty tables corrupt (remove)"); free(p); npenalties--; } diff --git a/usr.bin/ssh/sshd_config.5 b/usr.bin/ssh/sshd_config.5 index 92c183466..390cf9804 100644 --- a/usr.bin/ssh/sshd_config.5 +++ b/usr.bin/ssh/sshd_config.5 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.358 2024/06/06 21:14:49 jmc Exp $ -.Dd $Mdocdate: June 6 2024 $ +.\" $OpenBSD: sshd_config.5,v 1.360 2024/06/11 05:24:39 jmc Exp $ +.Dd $Mdocdate: June 11 2024 $ .Dt SSHD_CONFIG 5 .Os .Sh NAME 
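Review bot: Replacing `break` with `fatal_f` in srclimit_remove_expired_penalties means an inconsistency between `npenalties` and the expiry tree now terminates the listening sshd — an outage for every client — where before eviction simply stopped, and the new text `(find)` identifies the site but not why aborting is preferred. Since `npenalties` is the count of entries present in both trees, an empty tree here does mean the bookkeeping is corrupt and no penalty decision can be trusted, so the choice is defensible; record it: `/* npenalties counts entries in both trees; an empty tree here means the bookkeeping is corrupt and no decision can be trusted, so abort. */`. srclimit_remove_expired_penalties starts outside this hunk.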
@@ -1562,45 +1562,51 @@ which means each address is considered individually. Controls penalties for various conditions that may represent attacks on .Xr sshd 8 . If a penalty is enforced against a client then its source address and any -others in the -.Cm PerSourceNetBlockSize +others in the same network, as defined by +.Cm PerSourceNetBlockSize , will be refused connection for a period. +.Pp A penalty doesn't affect concurrent connections in progress, but multiple penalties from the same source from concurrent connections will accumulate up to a maximum. Conversely, penalties are not applied until a minimum threshold time has been accumulated. -Penalties are off by default but may be enabled using default settings using the -.Cm yes -keyword or by specifying one or more of the keywords below. .Pp -Penalties are controlled using the following keywords, all of which accept -arguments, e.g.\& +Penalties are enabled by default with the default settings listed below +but may disabled using the +.Cm off +keyword. +The defaults may be overridden by specifying one or more of the keywords below, +separated by whitespace. +All keywords accept arguments, e.g.\& .Qq crash:2m . .Bl -tag -width Ds .It Cm crash:duration Specifies how long to refuse clients that cause a crash of -.Xr sshd 8 . +.Xr sshd 8 (default: 90s). .It Cm authfail:duration Specifies how long to refuse clients that disconnect after making one or more -unsuccessful authentication attempts. +unsuccessful authentication attempts (default: 5s). .It Cm noauth:duration Specifies how long to refuse clients that disconnect without attempting -authentication. +authentication (default: 1s). This timeout should be used cautiously otherwise it may penalise legitimate scanning tools such as .Xr ssh-keyscan 1 . .It Cm grace-exceeded:duration Specifies how long to refuse clients that fail to authenticate after -.Cm LoginGraceTime . +.Cm LoginGraceTime +(default: 20s). 
.It Cm max:duration Specifies the maximum time a particular source address range will be refused -access for. +access for (default: 10m). Repeated penalties will accumulate up to this maximum. .It Cm min:duration -Specifies the minimum penalty that must accrue before enforcement begins. +Specifies the minimum penalty that must accrue before enforcement begins +(default: 15s). .It Cm max-sources:number -Specifies the maximum number of penalise client address ranges to track. +Specifies the maximum number of penalise client address ranges to track +(default: 65536). .It Cm overflow:mode Controls how the server behaves when .Cm max-sources @@ -1611,7 +1617,8 @@ which denies all incoming connections other than those exempted via .Cm PerSourcePenaltyExemptList until a penalty expires, and .Cm permissive , -which allows new connections by removing existing penalties early. +which allows new connections by removing existing penalties early +(default: permissive). .El .It Cm PerSourcePenaltyExemptList Specifies a comma-separated list of addresses to exempt from penalties. diff --git a/usr.sbin/bgpd/session.c b/usr.sbin/bgpd/session.c index ad60a17fe..dd24eb29a 100644 --- a/usr.sbin/bgpd/session.c +++ b/usr.sbin/bgpd/session.c @@ -1,4 +1,4 @@ -/* $OpenBSD: session.c,v 1.479 2024/05/29 10:38:24 claudio Exp $ */ +/* $OpenBSD: session.c,v 1.480 2024/06/10 12:51:25 claudio Exp $ */ /* * Copyright (c) 2003, 2004, 2005 Henning Brauer @@ -1254,7 +1254,11 @@ get_alternate_addr(struct bgpd_addr *local, struct bgpd_addr *remote, match->ifa_addr->sa_family != AF_INET6) continue; if (sa_equal(local, match->ifa_addr)) { - if (match->ifa_flags & IFF_POINTOPOINT && + if (remote->aid == AID_INET6 && + IN6_IS_ADDR_LINKLOCAL(&remote->v6)) { + /* IPv6 LLA are by definition connected */ + connected = 1; + } else if (match->ifa_flags & IFF_POINTOPOINT && match->ifa_dstaddr != NULL) { if (sa_equal(remote, match->ifa_dstaddr)) connected = 1; 
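Review bot: A link-local IPv6 remote is treated as connected as soon as the local address matches an interface address, without checking that the peer's scope belongs to that same interface; an fe80:: neighbour is only "by definition connected" on the link its scope id names, so the shortcut is broader than the comment claims. If `struct bgpd_addr` carries a scope id for v6 (it is not visible here), the check should compare it with the index of the interface that owns `match`, e.g. `IN6_IS_ADDR_LINKLOCAL(&remote->v6) && remote->scope_id == if_nametoindex(match->ifa_name)`, and fall back to the existing point-to-point/netmask logic otherwise. Because this branch is tested first, it also pre-empts the point-to-point comparison for link-local peers, which may be intended but is worth a word in the comment. get_alternate_addr starts and ends outside this hunk.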
diff --git a/usr.sbin/rpki-client/cert.c b/usr.sbin/rpki-client/cert.c index ba29b7e48..c0c32a925 100644 --- a/usr.sbin/rpki-client/cert.c +++ b/usr.sbin/rpki-client/cert.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cert.c,v 1.144 2024/06/08 13:33:49 tb Exp $ */ +/* $OpenBSD: cert.c,v 1.147 2024/06/12 04:01:20 tb Exp $ */ /* * Copyright (c) 2022 Theo Buehler * Copyright (c) 2021 Job Snijders @@ -753,18 +753,6 @@ cert_parse_ee_cert(const char *fn, int talid, X509 *x) goto out; } - if (X509_get_key_usage(x) != KU_DIGITAL_SIGNATURE) { - warnx("%s: RFC 6487 section 4.8.4: KU must be digitalSignature", - fn); - goto out; - } - - /* EKU may be allowed for some purposes in the future. */ - if (X509_get_extended_key_usage(x) != UINT32_MAX) { - warnx("%s: RFC 6487 section 4.8.5: EKU not allowed", fn); - goto out; - } - index = X509_get_ext_by_NID(x, NID_sbgp_ipAddrBlock, -1); if ((ext = X509_get_ext(x, index)) != NULL) { if (!sbgp_ipaddrblk(fn, cert, ext)) @@ -809,9 +797,7 @@ cert_parse_pre(const char *fn, const unsigned char *der, size_t len) int i, extsz; X509 *x = NULL; X509_EXTENSION *ext = NULL; - const X509_ALGOR *palg; - const ASN1_BIT_STRING *piuid = NULL, *psuid = NULL; - const ASN1_OBJECT *cobj; + const ASN1_BIT_STRING *issuer_uid = NULL, *subject_uid = NULL; ASN1_OBJECT *obj; EVP_PKEY *pkey; int nid, ip, as, sia, cp, crldp, aia, aki, ski, @@ -844,13 +830,10 @@ cert_parse_pre(const char *fn, const unsigned char *der, size_t len) goto out; } - X509_get0_signature(NULL, &palg, x); - if (palg == NULL) { - warnx("%s: X509_get0_signature", fn); + if ((nid = X509_get_signature_nid(x)) == NID_undef) { + warnx("%s: unknown signature type", fn); goto out; } - X509_ALGOR_get0(&cobj, NULL, NULL, palg); - nid = OBJ_obj2nid(cobj); if (experimental && nid == NID_ecdsa_with_SHA256) { if (verbose) warnx("%s: P-256 support is experimental", fn); 
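Review bot: The RFC 6487 §4.8.4 KU check (digitalSignature only) and §4.8.5 EKU check (must be absent) are deleted from cert_parse_ee_cert here, and the matching CA checks (keyCertSign|cRLSign, no EKU) are deleted from cert_parse_pre further down, with no replacement anywhere in this diff. If the checks moved to a shared validator elsewhere in rpki-client that is fine, but nothing at the removal site says so; if they were simply dropped, an EE certificate with keyCertSign or a CA certificate carrying an EKU is now accepted, weakening the profile enforcement that protects relying parties from misissued objects. A one-line comment naming the function that now enforces KU/EKU — `/* KU and EKU are checked in <that function> */` — would make the move auditable. cert_parse_ee_cert starts and ends outside this hunk.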
@@ -860,8 +843,8 @@ cert_parse_pre(const char *fn, const unsigned char *der, size_t len)
 goto out;
 }
- X509_get0_uids(x, &piuid, &psuid);
- if (piuid != NULL || psuid != NULL) {
+ X509_get0_uids(x, &issuer_uid, &subject_uid);
+ if (issuer_uid != NULL || subject_uid != NULL) {
 warnx("%s: issuer or subject unique identifiers not allowed",
 fn);
 goto out;
@@ -977,19 +960,6 @@ cert_parse_pre(const char *fn, const unsigned char *der, size_t len)
 if (!valid_ca_pkey(fn, pkey))
 goto out;
- if (X509_get_key_usage(x) != (KU_KEY_CERT_SIGN | KU_CRL_SIGN)) {
- warnx("%s: RFC 6487 section 4.8.4: key usage violation",
- fn);
- goto out;
- }
-
- /* EKU may be allowed for some purposes in the future. */
- if (X509_get_extended_key_usage(x) != UINT32_MAX) {
- warnx("%s: RFC 6487 section 4.8.5: EKU not allowed",
- fn);
- goto out;
- }
-
 if (cert->mft == NULL) {
 warnx("%s: RFC 6487 section 4.8.8: missing SIA", fn);
 goto out;
diff --git a/usr.sbin/rpki-client/cms.c b/usr.sbin/rpki-client/cms.c
index 0394680e5..5ef7ebb0d 100644
--- a/usr.sbin/rpki-client/cms.c
+++ b/usr.sbin/rpki-client/cms.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cms.c,v 1.46 2024/06/08 13:28:35 tb Exp $ */
+/* $OpenBSD: cms.c,v 1.48 2024/06/11 13:09:02 tb Exp $ */
 /*
 * Copyright (c) 2019 Kristaps Dzonsons
 *
@@ -15,7 +15,6 @@
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */
-#include
 #include
 #include
 #include
@@ -287,7 +286,21 @@ cms_parse_validate_internal(X509 **xp, const char *fn, const unsigned char *der,
 /* Compare content-type with eContentType */
 octype = CMS_signed_get0_data_by_OBJ(si, cnt_type_oid, -3,
 V_ASN1_OBJECT);
- assert(octype != NULL);
+ /*
+ * Since lastpos == -3, octype can be NULL for 4 reasons:
+ * 1. requested attribute OID is missing
+ * 2. signedAttrs contains multiple attributes with requested OID
+ * 3. attribute with requested OID has multiple values (malformed)
+ * 4. X509_ATTRIBUTE_get0_data() returned NULL. This is also malformed,
+ * but libcrypto will create, sign, and verify such objects.
+ * Reasons 1 and 2 are excluded because has_ct == 1. We don't know which
+ * one of 3 or 4 we hit. Doesn't matter, drop the garbage on the floor.
+ */
+ if (octype == NULL) {
+ warnx("%s: RFC 6488, section 2.1.6.4.1: malformed value "
+ "for content-type attribute", fn);
+ goto out;
+ }
 if (OBJ_cmp(obj, octype) != 0) {
 OBJ_obj2txt(buf, sizeof(buf), obj, 1);
 OBJ_obj2txt(obuf, sizeof(obuf), octype, 1);
diff --git a/usr.sbin/rpki-client/crl.c b/usr.sbin/rpki-client/crl.c
index 0e7705c74..5ec57c9b3 100644
--- a/usr.sbin/rpki-client/crl.c
+++ b/usr.sbin/rpki-client/crl.c
@@ -1,5 +1,6 @@
-/* $OpenBSD: crl.c,v 1.37 2024/06/05 13:36:28 tb Exp $ */
+/* $OpenBSD: crl.c,v 1.40 2024/06/11 15:33:46 tb Exp $ */
 /*
+ * Copyright (c) 2024 Theo Buehler
 * Copyright (c) 2019 Kristaps Dzonsons
 *
 * Permission to use, copy, modify, and distribute this software for any
@@ -131,6 +132,7 @@ crl_check_revoked(const char *fn, X509_CRL *x509_crl)
 * XXX - as of May 2024, ~15% of RPKI CRLs fail this check due
 * to a bug in rpki-rs/Krill. So silently accept this for now.
 * https://github.com/NLnetLabs/krill/issues/1197
+ * https://github.com/NLnetLabs/rpki-rs/pull/295
 */
 if (verbose > 1)
 warnx("%s: RFC 5280, section 5.1.2.6: revoked "
@@ -165,9 +167,7 @@ crl_parse(const char *fn, const unsigned char *der, size_t len)
 {
 const unsigned char *oder;
 struct crl *crl;
- const X509_ALGOR *palg;
 const X509_NAME *name;
- const ASN1_OBJECT *cobj;
 const ASN1_TIME *at;
 int count, nid, rc = 0;
@@ -200,13 +200,10 @@ crl_parse(const char *fn, const unsigned char *der, size_t len)
 if (!x509_valid_name(fn, "issuer", name))
 goto out;
- X509_CRL_get0_signature(crl->x509_crl, NULL, &palg);
- if (palg == NULL) {
- warnx("%s: X509_CRL_get0_signature", fn);
+ if ((nid = X509_CRL_get_signature_nid(crl->x509_crl)) == NID_undef) {
+ warnx("%s: unknown signature type", fn);
 goto out;
 }
- X509_ALGOR_get0(&cobj, NULL, NULL, palg);
- nid = OBJ_obj2nid(cobj);
 if (experimental && nid == NID_ecdsa_with_SHA256) {
 if (verbose)
 warnx("%s: P-256 support is experimental", fn);
diff --git a/usr.sbin/rpki-client/mft.c b/usr.sbin/rpki-client/mft.c
index 46c57dbf1..8fa8f6ad5 100644
--- a/usr.sbin/rpki-client/mft.c
+++ b/usr.sbin/rpki-client/mft.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: mft.c,v 1.116 2024/05/24 12:57:20 tb Exp $ */
+/* $OpenBSD: mft.c,v 1.117 2024/06/11 10:38:40 tb Exp $ */
 /*
 * Copyright (c) 2022 Theo Buehler
 * Copyright (c) 2019 Kristaps Dzonsons
@@ -366,9 +366,8 @@ mft_parse_econtent(const char *fn, struct mft *mft, const unsigned char *d,
 if (OBJ_obj2nid(mft_asn1->fileHashAlg) != NID_sha256) {
 warnx("%s: RFC 6486 section 4.2.1: fileHashAlg: "
- "want SHA256 object, have %s (NID %d)", fn,
- ASN1_tag2str(OBJ_obj2nid(mft_asn1->fileHashAlg)),
- OBJ_obj2nid(mft_asn1->fileHashAlg));
+ "want SHA256 object, have %s", fn,
+ nid2str(OBJ_obj2nid(mft_asn1->fileHashAlg)));
 goto out;
 }
diff --git a/usr.sbin/rpki-client/parser.c b/usr.sbin/rpki-client/parser.c
index 10f7975a9..b79ac3f4d 100644
--- a/usr.sbin/rpki-client/parser.c
+++ b/usr.sbin/rpki-client/parser.c
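Review bot: `OBJ_obj2nid(mft_asn1->fileHashAlg)` is evaluated twice in the fileHashAlg check in mft_parse_econtent, once in the condition and again inside the warnx() argument, while the matching check in rsc.c in this same commit stores the result in `nid` first. Doing the same here, `nid = OBJ_obj2nid(mft_asn1->fileHashAlg);` / `if (nid != NID_sha256) {` / `... nid2str(nid));`, reads more easily and keeps the two call sites consistent (assuming an int local is available or added). nid2str() is not defined in this diff, so it presumably lives in another rpki-client source file. mft_parse_econtent starts and ends outside the hunk.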
@@ -1,4 +1,4 @@
-/* $OpenBSD: parser.c,v 1.139 2024/06/07 13:24:35 tb Exp $ */
+/* $OpenBSD: parser.c,v 1.140 2024/06/10 11:49:29 tb Exp $ */
 /*
 * Copyright (c) 2019 Claudio Jeker
 * Copyright (c) 2019 Kristaps Dzonsons
@@ -686,7 +686,6 @@ proc_parser_gbr(char *file, const unsigned char *der, size_t len,
 a = find_issuer(file, entp->certid, gbr->aki, entp->mftaki);
 crl = crl_get(&crlt, a);
- /* return value can be ignored since nothing happens here */
 if (!valid_x509(file, ctx, x509, a, crl, &errstr)) {
 warnx("%s: %s", file, errstr);
 X509_free(x509);
diff --git a/usr.sbin/rpki-client/rpki-client.8 b/usr.sbin/rpki-client/rpki-client.8
index 55d1dcb41..c97b8bfee 100644
--- a/usr.sbin/rpki-client/rpki-client.8
+++ b/usr.sbin/rpki-client/rpki-client.8
@@ -1,4 +1,4 @@
-.\" $OpenBSD: rpki-client.8,v 1.105 2024/05/29 13:27:52 tb Exp $
+.\" $OpenBSD: rpki-client.8,v 1.106 2024/06/12 04:24:59 tb Exp $
 .\"
 .\" Copyright (c) 2019 Kristaps Dzonsons
 .\"
@@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: May 29 2024 $
+.Dd $Mdocdate: June 12 2024 $
 .Dt RPKI-CLIENT 8
 .Os
 .Sh NAME
@@ -461,6 +461,12 @@ agreement regarding ARIN service restrictions.
 .%U https://datatracker.ietf.org/doc/html/draft-spaghetti-sidrops-rpki-crl-numbers
 .%D May, 2024
 .Re
+.Pp
+.Rs
+.%T Same-Origin Policy for RRDP
+.%U https://datatracker.ietf.org/doc/html/draft-ietf-sidrops-rrdp-same-origin
+.%D June, 2024
+.Re
 .Sh HISTORY
 .Nm
 first appeared in
diff --git a/usr.sbin/rpki-client/rsc.c b/usr.sbin/rpki-client/rsc.c
index 19dddde36..4a849a188 100644
--- a/usr.sbin/rpki-client/rsc.c
+++ b/usr.sbin/rpki-client/rsc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsc.c,v 1.34 2024/02/21 09:17:06 tb Exp $ */
+/* $OpenBSD: rsc.c,v 1.35 2024/06/11 10:38:40 tb Exp $ */
 /*
 * Copyright (c) 2022 Theo Buehler
 * Copyright (c) 2022 Job Snijders
@@ -253,8 +253,8 @@ rsc_check_digesttype(const char *fn, struct rsc *rsc, const X509_ALGOR *alg)
 }
 if ((nid = OBJ_obj2nid(obj)) != NID_sha256) {
- warnx("%s: RSC DigestAlgorithmIdentifier: want SHA256, have %s"
- " (NID %d)", fn, ASN1_tag2str(nid), nid);
+ warnx("%s: RSC DigestAlgorithmIdentifier: want SHA256, have %s",
+ fn, nid2str(nid));
 return 0;
 }
diff --git a/usr.sbin/rpki-client/version.h b/usr.sbin/rpki-client/version.h
index d9fb1a356..89dbe65b6 100644
--- a/usr.sbin/rpki-client/version.h
+++ b/usr.sbin/rpki-client/version.h
@@ -1,3 +1,3 @@
-/* $OpenBSD: version.h,v 1.22 2024/03/01 16:27:34 tb Exp $ */
+/* $OpenBSD: version.h,v 1.23 2024/06/12 04:11:19 tb Exp $ */
-#define RPKI_VERSION "9.0"
+#define RPKI_VERSION "9.1"
diff --git a/usr.sbin/rpki-client/x509.c b/usr.sbin/rpki-client/x509.c
index c264b7327..049dd78ea 100644
--- a/usr.sbin/rpki-client/x509.c
+++ b/usr.sbin/rpki-client/x509.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509.c,v 1.97 2024/06/08 13:32:30 tb Exp $ */
+/* $OpenBSD: x509.c,v 1.99 2024/06/10 12:44:06 tb Exp $ */
 /*
 * Copyright (c) 2022 Theo Buehler
 * Copyright (c) 2021 Claudio Jeker
@@ -267,15 +267,17 @@ x509_get_ski(X509 *x, const char *fn, char **ski)
 /*
 * Check the cert's purpose: the cA bit in basic constraints distinguishes
- * between TA/CA and EE/BGPsec router. TAs are self-signed, CAs not self-issued,
- * EEs have no extended key usage, BGPsec router have id-kp-bgpsec-router OID.
+ * between TA/CA and EE/BGPsec router and the key usage bits must match.
+ * TAs are self-signed, CAs not self-issued, EEs have no extended key usage,
+ * BGPsec router have id-kp-bgpsec-router OID.
 */
 enum cert_purpose
 x509_get_purpose(X509 *x, const char *fn)
 {
 BASIC_CONSTRAINTS *bc = NULL;
 EXTENDED_KEY_USAGE *eku = NULL;
- int crit, ext_flags, is_ca;
+ const X509_EXTENSION *ku;
+ int crit, ext_flags, i, is_ca, ku_idx;
 enum cert_purpose purpose = CERT_PURPOSE_INVALID;
 if (!x509_cache_extensions(x, fn))
@@ -283,6 +285,20 @@ x509_get_purpose(X509 *x, const char *fn)
 ext_flags = X509_get_extension_flags(x);
+ /* Key usage must be present and critical. KU bits are checked below. */
+ if ((ku_idx = X509_get_ext_by_NID(x, NID_key_usage, -1)) < 0) {
+ warnx("%s: RFC 6487, section 4.8.4: missing KeyUsage", fn);
+ goto out;
+ }
+ if ((ku = X509_get_ext(x, ku_idx)) == NULL) {
+ warnx("%s: RFC 6487, section 4.8.4: missing KeyUsage", fn);
+ goto out;
+ }
+ if (!X509_EXTENSION_get_critical(ku)) {
+ warnx("%s: RFC 6487, section 4.8.4: KeyUsage not critical", fn);
+ goto out;
+ }
+
 /* This weird API can return 0, 1, 2, 4, 5 but can't error... */
 if ((is_ca = X509_check_ca(x)) > 1) {
 if (is_ca == 4)
@@ -314,6 +330,19 @@ x509_get_purpose(X509 *x, const char *fn)
 "Constraint must be absent", fn);
 goto out;
 }
+
+ if (X509_get_key_usage(x) != (KU_KEY_CERT_SIGN | KU_CRL_SIGN)) {
+ warnx("%s: RFC 6487 section 4.8.4: key usage violation",
+ fn);
+ goto out;
+ }
+
+ if (X509_get_extended_key_usage(x) != UINT32_MAX) {
+ warnx("%s: RFC 6487 section 4.8.5: EKU not allowed",
+ fn);
+ goto out;
+ }
+
 /*
 * EXFLAG_SI means that issuer and subject are identical.
 * EXFLAG_SS is SI plus the AKI is absent or matches the SKI.
@@ -335,6 +364,12 @@ x509_get_purpose(X509 *x, const char *fn)
 goto out;
 }
+ if (X509_get_key_usage(x) != KU_DIGITAL_SIGNATURE) {
+ warnx("%s: RFC 6487 section 4.8.4: KU must be digitalSignature",
+ fn);
+ goto out;
+ }
+
 /*
 * EKU is only defined for BGPsec Router certs and must be absent from
 * EE certs.
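Review bot: The two KeyUsage lookups in the first hunk emit the identical "missing KeyUsage" warning, although X509_get_ext() returning NULL for an index that X509_get_ext_by_NID() just returned would presumably indicate an internal inconsistency rather than an absent extension; folding them into one condition, `if ((ku_idx = X509_get_ext_by_NID(x, NID_key_usage, -1)) < 0 ||` / `    (ku = X509_get_ext(x, ku_idx)) == NULL) {`, removes the duplicated message. The lookup with lastpos -1 inspects only the first KeyUsage extension, so the criticality check relies on x509_cache_extensions() (called above, outside the hunk) or libcrypto rejecting duplicate extensions; a short comment stating that would make the assumption explicit. In the CA and EE hunks the `!= UINT32_MAX` comparisons deserve a why-comment such as `/* X509_get_extended_key_usage() returns UINT32_MAX when no EKU is present. */`, since the sentinel is a libcrypto convention rather than something visible here. x509_get_purpose starts and ends outside these hunks.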
@@ -353,20 +388,15 @@ x509_get_purpose(X509 *x, const char *fn)
 }
 /*
- * XXX - this isn't quite correct: other EKU OIDs are allowed per
- * RFC 8209, section 3.1.3.2, e.g., anyEKU could potentially help
- * avoid tripping up validators that don't know about the BGPsec
- * router purpose. Drop check or downgrade from error to warning?
+ * Per RFC 8209, section 3.1.3.2 the id-kp-bgpsec-router OID must be
+ * present and others are allowed, which we don't need to recognize.
+ * This matches RFC 5280, section 4.2.1.12.
 */
- if (sk_ASN1_OBJECT_num(eku) != 1) {
- warnx("%s: EKU: expected 1 purpose, have %d", fn,
- sk_ASN1_OBJECT_num(eku));
- goto out;
- }
-
- if (OBJ_cmp(bgpsec_oid, sk_ASN1_OBJECT_value(eku, 0)) == 0) {
- purpose = CERT_PURPOSE_BGPSEC_ROUTER;
- goto out;
+ for (i = 0; i < sk_ASN1_OBJECT_num(eku); i++) {
+ if (OBJ_cmp(bgpsec_oid, sk_ASN1_OBJECT_value(eku, i)) == 0) {
+ purpose = CERT_PURPOSE_BGPSEC_ROUTER;
+ break;
+ }
 }
 out:
diff --git a/usr.sbin/smtpd/lka.c b/usr.sbin/smtpd/lka.c
index c27fdba10..c9c79cf7e 100644
--- a/usr.sbin/smtpd/lka.c
+++ b/usr.sbin/smtpd/lka.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: lka.c,v 1.249 2024/06/09 10:13:05 gilles Exp $ */
+/* $OpenBSD: lka.c,v 1.250 2024/06/11 16:30:06 tb Exp $ */
 /*
 * Copyright (c) 2008 Pierre-Yves Ritschard
@@ -294,7 +294,7 @@ lka_imsg(struct mproc *p, struct imsg *imsg)
 /* revoke proc & exec */
 if (pledge("stdio rpath inet dns getpw recvfd sendfd",
- NULL) == -1)
+ NULL) == -1)
 fatal("pledge");
 /* setup proc registering task */
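Review bot: When the EKU extension is present but none of its OIDs is id-kp-bgpsec-router, the new loop exits with `purpose` still CERT_PURPOSE_INVALID and falls through to `out:` without any diagnostic, whereas the other rejections visible in this function's hunks each emit a warnx(). The previous code had the same silence for the single-OID mismatch, so this is not a regression, but a message after the loop, `if (purpose == CERT_PURPOSE_INVALID) warnx("%s: RFC 8209 section 3.1.3.2: missing id-kp-bgpsec-router EKU", fn);`, would make such certificates debuggable, unless the caller already reports an INVALID purpose generically, which is outside this hunk. The cleanup after `out:` in x509_get_purpose lies outside the hunk.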